37 matches found
Contec CONPROSYS HMI System SQL Injection Vulnerability
Contec CONPROSYS HMI System is an HTML5-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3, which originates from the presence of SQL injection...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via the -g option of the CleanNode function. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit, GitHub Issue. Credit: bsdb0y...
SUSE CVE-2013-7324
WebKit-GTK 2.x any version with HTML5 audio/video support based on GStreamer allows remote attackers to trigger unexpectedly high sound volume via malicious JavaScript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration...
WordPress plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress HTML5 Responsive FAQ has a cross-site scripting vulnerability that stems from not properly cleaning a...
Gate One Authorization Issue Vulnerability
Gate One is an HTML5-based terminal emulator and SSH client. A security vulnerability exists in Gate One version 1.2.0, which stems from an issue in the software that allows an attacker to exploit the vulnerability to bypass authentication checks in the source list and connect to a Gate One...
CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
kinvey-angular-sdk (>=3.4.0 <=3.5.3), kinvey-angular2-sdk (>=3.4.1 <=3.5.2) +6 more potentially affected by CVE-2020-7741 via hellojs (>=1.13.1 <=1.14.1)
hellojs NPM version =1.13.1, =3.4.0, =3.4.1, =3.4.1, =3.4.0, =3.4.1, =3.4.0, =3.4.0, =3.4.1, =3.5.2 Source cves: CVE-2020-7741 Source advisory: SNYK:JS-HELLOJS-1014546...
Multiple Vulnerabilities in JAVAPMS Portal Management System of Nanchang Zhengneng Information Technology Co.
The JAVAPMS portal management system uses SpringMVC + Spring + Hibernate + Freemarker + HTML5 + jQuery as its core technical architecture, for individual webmasters, commercial enterprises, government agencies, educational institutions and other various units of the organization's information port...
Mozilla: Use-after-free parsing HTML5 stream
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird 60.5, Firefox ESR 60.5, and...
Arbitrary Code Execution Vulnerability in the HTML5 Responsive Website Building System of Huizhou Fire Phoenix Network Technology Co.
Huizhou Fire Phoenix Network Technology Co., Ltd. provides one-stop website production, website promotion, APP development, WeChat development, data analysis, software development, dynamic creative, cell phone website, Taobao store permanent code decoration, FLASH animation, to program developmen...
DEBIAN-CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
DEBIAN-CVE-2016-2819
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element...
Mozilla: Buffer overflow parsing HTML5 fragments (MFSA 2016-50)
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element...
Mozilla Firefox and Firefox ESR HTML5 String Parser Memory Misreference Vulnerability
Firefox is an open source Web browser; Firefox ESR is an extended support version of Firefox. Graphite is a set of enterprise-class open source system monitoring tools written in the Python language using the Django framework. A memory misreference vulnerability in the Mozilla Firefox and Firefox...
Mozilla: Use-after-free in HTML5 string parser (MFSA 2016-23)
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by...
Private video streams can be intercepted – Opera Security Advisories
OPCOM Team | October 6, 2010. Severity: Moderate. Description: Video content may be used as filler content for an HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the...