819 matches found

Cvelist
added 2017/04/21 2:11 a.m., 26 views

CVE-2016-4075

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL...

6.1 AI score, 0.00298 EPSS
Exploits 1, References 2

Hacker One
added 2017/04/09 10:9 p.m., 25 views

Radancy: XSS

https://werkenbijdefensie.nl/vacatures/kla03vc%3cimg%20src%3da%20onerror%3dalert1%3ehm505/bouw/ The value of the URL path folder 2 is copied into the HTML document as plain text between tags. The payload a03vchm505 was submitted in the URL path folder 2. This input was echoed unmodified in the...

0.2 AI score
Exploits 0

NVD
added 2017/03/28 2:59 a.m., 23 views

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

6.1 CVSS, 5.9 AI score, 0.00494 EPSS
Exploits 1, References 8

Prion
added 2017/03/09 7:59 p.m., 10 views

Cross site scripting

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document...

4.3 CVSS, 5.9 AI score, 0.00298 EPSS
Exploits 2, References 1, Affected Software 1

Cvelist
added 2017/03/09 7:0 p.m., 17 views

CVE-2017-6589

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document...

6 AI score, 0.00298 EPSS
Exploits 2, References 1

Ubuntu
added 2016/08/05 1:29 p.m., 58 views

USN-3041-1: Oxide vulnerabilities

Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705) It was discovered...

9.6 CVSS, 7.6 AI score, 0.0369 EPSS
Exploits 1

OSV
added 2016/08/05 1:59 a.m., 6 views

CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

5.5 CVSS, 8.9 AI score
Exploits 0, References 11

Debian CVE
added 2016/08/05 1:0 a.m., 28 views

CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

5.5 CVSS, 8.4 AI score, 0.00261 EPSS
Exploits 0

BDU FSTEC
added 2016/07/07 12:0 a.m., 2 views

A vulnerability in the Firefox browser that allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability in the Firefox browser, related to the HTMLSourceElement::BindToTree function, lies in insufficient data type constraints after a failed namespace check during the tree binding process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or...

7.5 CVSS, 8.2 AI score, 0.01906 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2016/04/13 5:59 p.m., 17 views

CVE-2015-8806

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "!DOCTYPE html" substring in a crafted HTML document...

7.5 CVSS, 7.2 AI score, 0.08565 EPSS
Exploits 0, References 7

Prion
added 2016/04/13 5:59 p.m., 21 views

Heap overflow

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "!DOCTYPE html" substring in a crafted HTML document...

5 CVSS, 6.9 AI score, 0.08565 EPSS
Exploits 0, References 7, Affected Software 3

Debian CVE
added 2016/04/13 5:0 p.m., 29 views

CVE-2015-8806

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "!DOCTYPE html" substring in a crafted HTML document...

7.5 CVSS, 6.5 AI score, 0.08565 EPSS
Exploits 0

Cvelist
added 2016/04/13 5:0 p.m., 30 views

CVE-2015-8806

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "!DOCTYPE html" substring in a crafted HTML document...

7.3 AI score, 0.08565 EPSS
Exploits 0, References 7

OpenVAS
added 2016/04/06 12:0 a.m., 23 views

Symantec Endpoint Protection Multiple Vulnerabilities (Mar 2016)

Symantec Endpoint Protection is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3 CVSS, 8.3 AI score, 0.0168 EPSS
Exploits 0, References 1

NVD
added 2016/03/18 2:59 p.m., 17 views

CVE-2015-8154

The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."...

9.3 CVSS, 8.8 AI score, 0.0168 EPSS
Exploits 0, References 3

CVE
added 2016/03/18 2:0 p.m., 57 views

CVE-2015-8154

Symantec Endpoint Protection Client

9.3 CVSS, 8.7 AI score, 0.0168 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2016/03/13 10:59 p.m., 17 views

CVE-2016-1644

WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document...

9.3 CVSS, 8.7 AI score, 0.01831 EPSS
Exploits 0, References 10

Prion
added 2016/03/13 10:59 p.m., 21 views

Design/Logic Flaw

WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document...

9.3 CVSS, 7.3 AI score, 0.01831 EPSS
Exploits 0, References 10, Affected Software 1

UbuntuCve
added 2016/03/10 12:0 a.m., 26 views

CVE-2016-1644

WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document...

9.3 CVSS, 7.3 AI score, 0.01831 EPSS
Exploits 0, References 2

Zero Day Initiative
added 2016/02/09 12:0 a.m., 30 views

Microsoft Internet Explorer CACPWrap Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

6.8 CVSS, 2.3 AI score, 0.17078 EPSS
Exploits 0, References 1