Vulnerability & Exploit Database

Displaying entries 31 - 40 of 121291 in total

MFSA2017-24 Firefox: Security vulnerabilities fixed in Firefox 57 (CVE-2017-7834) Vulnerability

  • Severity: 4
  • Published: November 13, 2017

A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.

Microsoft CVE-2017-11856: Internet Explorer Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: November 13, 2017

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the c...

Microsoft CVE-2017-11788: Windows Search Denial of Service Vulnerability Vulnerability

  • Severity: 4
  • Published: November 13, 2017

A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. Additionally, ...

Microsoft CVE-2017-11876: Microsoft Project Server Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: November 13, 2017

An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery(CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site. In a web-based attack scenario an attacker could host a we...