83 matches found
SUSE CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...
Microsoft Office class attribute double-free vulnerability
Talos Vulnerability Report TALOS-2022-1591 Microsoft Office class attribute double-free vulnerability November 15, 2022 CVE Number CVE-2022-41106 SUMMARY A double-free vulnerability exists in the class attribute functionality of Microsoft Office Excel 2019 x86 - version 2207 build 15427.20210 and...
XSS in HEEx class attributes
The class attribute was not protected against XSS attacks when using HEEx...
CVE-2021-24732
The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
WordPress 插件跨站脚本漏洞
WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress PDF Flipbook, 3D Flipbook, DearFlip plugin versions prior to 1.7.10, which stems from not bypassing the class attribute of its shortcode before outputting back to the attribut...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
OrbiTeam BSCW Classic 安全漏洞
OrbiTeam BSCW Classic is OrbiTeam Software GmbH's versatile system for any application. A security vulnerability in OrbiTeam BSCW Classic versions prior to 7.4.3, which could be exploited by an attacker to provide Python code in the class attribute of a .BSCW file to execute authenticated Remote...
Prismatic < 2.8 - Contributor+ Stored XSS
The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher...
GitLab: Stored XSS in blob viewer
Summary I found a Stored-XSS in blob viewer when viewing a json file. In particular, when viewing an openapi file, openapiviewer is called to transfer the file's data to SwaggerUIBundle to render. SwaggerUIBundle does its job when rending graphical representation of the openapi's content. It also...
Denial Of Service (DoS)
bind is vulnerable to denial of service. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioni...
GitLab: Unfiltered `class` attribute in markdown code
This affects merge request/issue comments and probably other parts of the user interface. I am demonstrating PoCs on GitLab.com itself, as they don't affect anything outside of my test repo, which is private. It could be used to execute some js actions by contructing content that uses the...
ISC BIND named Denial of Service Vulnerability
ISC BIND is the United States Internet Systems Consortium ISC company maintains a set of open source software that implements the DNS protocol. A security vulnerability exists in the db.c file in named in ISC BIND versions 9.9.8-P2 prior to 9.x and 9.10.3-P2 prior to 9.10.x. The vulnerability can...
ISC BIND 9.x < 9.9.8-P2 / 9.10.x < 9.10.3-P2 Response Parsing Class Attribute Handling DoS
According to its self-reported version number, the remote installation of BIND is affected by a denial of service vulnerability due to improper parsing of incorrect class attributes in db.c. An unauthenticated, remote attacker can exploit this, via a malformed class attribute, to trigger a REQUIR...
bind: responses with a malformed class attribute can trigger an assertion failure in db.c
A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...
bind: responses with a malformed class attribute can trigger an assertion failure in db.c
A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...
DEBIAN-CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...
CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...
UBUNTU-CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...
CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...
FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)
Google Chrome Releases reports : 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library...