nortel optivity_telephony_manager Security Vulnerabilities

2 Vulnerabilities
Description

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Impacted versions: *

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-1319, Last Modified: 2019-04-30T14:27:00Z

References

Exploit Exploit Patch Patch Patch Patch Patch Exploit Exploit Exploit Patch Patch Patch

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

Impacted versions: *

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-0839, Last Modified: 2019-04-30T14:27:00Z

References

Vendor Advisory Patch Patch Patch Exploit Exploit Exploit Patch Patch Patch
Free Home-Networking Courses, tutorials and security checklists

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.