U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): browser
  • Search Type: Search All
There are 3,624 matching records.
Displaying matches 3,481 through 3,500.
Vuln ID Summary CVSS Severity
CVE-2007-0324

Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors.

Published: February 15, 2007; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-0929

Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.

Published: February 14, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0878

Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.

Published: February 12, 2007; 3:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-6983

Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published: February 08, 2007; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-6988

Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published: February 08, 2007; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-6990

Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published: February 08, 2007; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-6991

Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published: February 08, 2007; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-6992

Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published: February 08, 2007; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-6980

The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.

Published: February 08, 2007; 1:28:00 PM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-6982

3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials.

Published: February 08, 2007; 1:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0044

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Published: January 03, 2007; 4:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-6909

Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.

Published: December 31, 2006; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-6572

Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information.

Published: December 15, 2006; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2006-6509

Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.

Published: December 13, 2006; 7:28:00 PM -0500
V3.x:(not available)
V2.0: 4.1 MEDIUM
CVE-2006-6308

Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability

Published: December 06, 2006; 3:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-6297

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

Published: December 05, 2006; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-5925

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Published: November 15, 2006; 2:07:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-5806

SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.

Published: November 08, 2006; 5:07:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Published: October 17, 2006; 5:07:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.

Published: September 14, 2006; 5:07:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM