Search
Keyword: HTML_SOHANAD
arbitrary web script or HTML via unspecified parameters that are used within 'error messages of the HTTP stack.' Novell eDirectory 8.7.3.9,Novell eDirectory 8.8,Novell eDirectory 8.8.1,Novell eDirectory 8.8.2
SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. microsoft ie 8,microsoft office_infopath
inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. Microsoft sharepoint_server 2007,Microsoft sharepoint_services 3.0,Microsoft
arbitrary web script or HTML via an RSS feed. Apple Safari 4.0,Apple Safari 4.0.0b,Apple Safari 4.0.1,Apple Safari 4.0.2,Apple Safari 4.0.3,Apple Safari 4.0.4,Apple Safari 4.0.5,Apple Safari 4.1,Apple Safari
CVE-2009-2990 Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
CVE-2009-2979 Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a
CVE-2009-1934 Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via
OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Apple Safari 4.0,Apple Safari
arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style. Apple Safari 4.0,Apple Safari 4.0.0b,Apple Safari 4.0.1,Apple Safari
CVE-2008-2247,ms08-039 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified
CVE-2010-0053 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors
CVE-2010-0048 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML
properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML
CVE-2008-5500 The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial
CVE-2010-2482 LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and
CVE-2005-2379 Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2)
CVE-2010-3682 Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION
attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. Apple Safari 4.0,Apple Safari 4.0.0b,Apple Safari
or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. Apache Software Foundation Apache HTTP Server 2.2,Apache Software Foundation Apache HTTP Server 2.2.1,Apache Software Foundation
earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Apply associated Trend Micro DPI Rules.