Search
Keyword: HTML_SOHANAD
element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was
files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated
CVE-2006-0663 Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject;
arbitrary web script or HTML via unspecified vectors. IBM Lotus Domino 6.5.6,IBM Lotus Domino 7.0,IBM Lotus Domino 7.0.2 Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules.
and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element
web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure. IBM WebSphere Application Server 5.1.1.10,IBM WebSphere
arbitrary web script or HTML via unspecified vectors that trigger injection into an error response. IBM Websphere Edge Server 5.1,IBM Websphere Edge Server 5.1.1,IBM Websphere Edge Server 6.0,IBM Websphere
SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML
CVE-2007-4555 Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly
CVE-2005-3738 globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks,
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file
remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637. Adobe Dreamweaver Trend
attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. Microsoft Windows 2000 Advanced Server,Microsoft Windows 2000
cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability." microsoft internet_explorer 5.01,microsoft internet_explorer
CVE-2007-5347,MS07-069 Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka
elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. Microsoft Internet Explorer 6 Trend Micro Deep Security shields networks through Deep Packet
cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." microsoft internet_explorer 5.01,microsoft
"Image" property. An attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the currently logged in user cve: Heap-based buffer overflow in HTML Help ActiveX
CVE-2006-1245 Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large
remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." microsoft project 2003,microsoft