Page 97 of 840 results (0.015 seconds)

CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2007-4041

https://notcve.org/view.php?id=CVE-2007-4041

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. Múltiples vulnerabilidades de inyección de argumento en Mozilla Firefox 2.0.0.5 y 3.0alpha permite a atacantes remotos ejecutar comandos de su elección mediante un byte NULL (%00) y metacaracteres de consola de comandos en URIs (1) mailto, (2) nntp, (3) news, (4) snews, ó (5) telnet, asunto similar a CVE-2007-3670. • http://www.kb.cert.org/vuls/id/783400 http://www.securityfocus.com/bid/25053 http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005 http://xs-sniper.com/blog/remote-command-exec-firefox-2005 https://bugzilla.mozilla.org/show_bug.cgi?id=389106 https://bugzilla.mozilla.org/show_bug.cgi?id=389580 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

CVE-2007-4042

https://notcve.org/view.php?id=CVE-2007-4042

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. Múltiples vulnerabilidades de inyección de argumento en Netscape Navigator 9 permite a atacantes remotos ejecutar comandos de su elección mediante un byte NULL (%00) y metacaracteres de consola de comandos en URIs (1) mailto, (2) nntp, (3) news, (4) snews, ó (5) telnet, asunto similar a CVE-2007-3670. • http://osvdb.org/46832 http://xs-sniper.com/blog/remote-command-exec-firefox-2005 •

CVSS: 9.3EPSS: 89%CPEs: 2EXPL: 1

CVE-2007-3826

https://notcve.org/view.php?id=CVE-2007-3826

Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. Microsoft Internet Explorer 7 en Windows XP SP2 permite a atacantes remotos evitar que los usuarios abandonen un sitio, falsificar la barra de direcciones, y conducir phising y otros ataques mediante llamadas repetidas a la función document.open después de que un usuario solicite una página nueva, pero antes de invocar a la función onBeforeUnload. • http://lcamtuf.coredump.cx/ietrap3 http://osvdb.org/38212 http://secunia.com/advisories/26069 http://securityreason.com/securityalert/2892 http://securitytracker.com/id?1018788 http://www.securityfocus.com/archive/1/473702/100/0/threaded http://www.securityfocus.com/archive/1/482366/100/0/threaded http://www.securityfocus.com/bid/24911 http://www.us-cert.gov/cas/techalerts/TA07-282A.html http://www.vupen.com/english/advisories/2007/2540 https://docs.microsoft.com/en •

CVSS: 4.3EPSS: 52%CPEs: 7EXPL: 1

CVE-2007-3670 – Microsoft Internet Explorer and Mozilla Firefox - URI Handler Command Injection

https://notcve.org/view.php?id=CVE-2007-3670

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data." Una vulnerabilidad de inyección de argumentos en Microsoft Internet Explorer, cuando es ejecutado en sistemas con Firefox instalado y ciertos URIs registrados, permiten a atacantes remotos conducir ataques de tipo cross-browser scripting y ejecutar comandos arbitrarios por medio de metacaracteres de shell en un URI (1) FirefoxURL o (2) FirefoxHTML, que son insertadas en la línea de comandos que son creadas cuando se invoca el archivo firefox.exe. • https://www.exploit-db.com/exploits/30285 ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 93%CPEs: 1EXPL: 3

CVE-2007-3576

https://notcve.org/view.php?id=CVE-2007-3576

Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar. ** IMPUGNADA ** Microsoft Internet Explorer 6 ejecuta secuencias de comandos (scripts) web desde URIs de nombres de esquema arbitrarios terminados con la secuencia de caracteres "script", usando (1)el manejador vbscript: para nombres de esquema desde 7 hasta 9 caracteres, y (2) el manejador javascript: para nombres de esquema con 10 o más caracteres, lo cual podría permitir a atacantes remotos evitar determinados esquemas de protección XSS. NOTA: otros investigadores no le conceden importancia a este problema, afirmando que "esto sólo funciona cuando se escribe en la barra de direcciones". • http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0 http://ha.ckers.org/blog/20070702/ie60-protocol-guessing http://osvdb.org/45813 http://sla.ckers.org/forum/read.php?2%2C13209%2C13218 http://www.0x000000.com/?i=375 •