urls software vulnerabilities
vulnerabilities.aspcode.net
Searching urls software vulnerabilities
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html.
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs.
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410.
Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as " ") in the middle of the URL.
Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs.
Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
Software vulnerabilities results 1 to 20 of 95