Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): browser
  • Search Type: Search All
There are 2,632 matching records.
Displaying matches 2,581 through 2,600.
Vuln ID Summary CVSS Severity
CVE-2002-2165

The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.

Published: December 31, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2002-2308

Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself.

Published: December 31, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-2330

Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.

Published: December 31, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-1210

Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context.

Published: November 29, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-1217

Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0934

Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2002-1008

Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-1009

Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0723

Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."

Published: September 24, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0989

The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.

Published: September 24, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-1126

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

Published: September 24, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

Published: August 12, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2002-0809

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

Published: August 12, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0832

Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.

Published: August 12, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0546

Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.

Published: July 03, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0547

Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.

Published: July 03, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0354

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Published: June 25, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-1545

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

Published: December 31, 2001; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0921

Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.

Published: November 21, 2001; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2001-0636

Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates.

Published: September 20, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH