chromium-browser: Use-after-free in dom

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

CVE-2014-8683 XSS in Gogs Markdown Renderer

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 XSS in Gogs Markdown Renderer ============================= Researcher: Timo Schmid [email protected] Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go. taken from 1 It is very similiar to the github...

Opera 6.0.1/6.0.2 Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4834/info A vulnerability has been reported in Opera 6.01/6.02. The vulnerability is related to handling of the 'file' HTML input-type. It is possible for a server to set the file value, while fooling Opera into thinking ...

SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)

This module creates an input format suitable for use within a WYSIWYG editor. It adds support for the iframe HTML tag, making it friendly with the popular iframe embeds available in popular video sites like YouTube and Vimeo. It supports the script tag too. Both tags will only be allowed if the...

CVE-2012-0007

The Microsoft Anti-Cross Site Scripting AntiXSS Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets CSS escaped character, which allows remote attackers to conduct cross-site scripting XSS attacks via HTML input, aka "AntiXSS Library Bypass...

Cross site scripting

The Microsoft Anti-Cross Site Scripting AntiXSS Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets CSS escaped character, which allows remote attackers to conduct cross-site scripting XSS attacks via HTML input, aka "AntiXSS Library Bypass...

CVE-2012-0007

CVE-2012-0007 refers to a vulnerability in Microsoft AntiXSS Library (versions 3.x and 4.0) where characters after a CSS-escaped sequence are not evaluated correctly, allowing remote XSS via HTML input. Root cause: improper handling in the AntiXSS sanitization process after CSS escapes. Affected ...

Chrome Stable Update

The Google Chrome team is happy to announce the arrival of Chrome 11.0.696.57 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 11 contains some really great improvements including speech input through HTML. Security fixes and rewards: Please see the Chromium security page f...

CVE-2010-2230

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting XSS attacks via HTML input...

CVE-2010-2230

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting XSS attacks via HTML input...

Debian Security Advisory DSA 1554-2 (roundup)

The remote host is missing an update to roundup announced via advisory DSA 1554-2. OpenVAS Vulnerability Test $Id: deb15542.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1554-2 roundup Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian: Security Advisory (DSA-1554-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1554-1 (roundup)

The remote host is missing an update to roundup announced via advisory DSA 1554-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

DSA-1554-1 roundup - cross-site scripting vulnerability

Bulletin has no description...

Debian DSA-1470-1 : horde3 - missing input sanitising

Ulf Harnhammar discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client. This update also provides backported bugfixes to the...

Microsoft FrontPage Server Extensions跨站脚本漏洞（MS06-017）

FrontPage Server Extensions为FrontPage服务扩展，与IIS一起使用可以方便的支持管理、创建以及浏览FrontPage扩展的网站。 FrontPage Server Extensions对HTML页面的处理存在输入验证漏洞，远程攻击者可能在客户机器上执行任意脚本代码。 FrontPage Server Extensions的fpadmdll.dll中的一些参数没有正确的过滤返回给用户的特定输入，导致跨站脚本问题，可能允许攻击者以当前会话权限以客户机的浏览器中执行恶意脚本代码，利用这个漏洞必须用户交互。...

Mandrake Linux Security Advisory : gaim (MDKSA-2005:049)

Gaim versions prior to version 1.1.4 suffer from a few security issues such as the HTML parses not sufficiently validating its input. This allowed a remote attacker to crash the Gaim client be sending certain malformed HTML messages CVE-2005-0208 and CVE-2005-0473. As well, insufficient input...

CVE-2003-1105

Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service browser or Outlook Express crash via HTML with certain input tags that are not properly rendered...

List Site Pro 2.0 - User Database Delimiter Injection

source: https://www.securityfocus.com/bid/6685/info List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits. A problem has been reported for List Site PRO that would allow an attacker to inject arbitrary values via html inp...

cuartango-son.txt

The Son of Cuartango Hole http://pages.whowhere.com/computers/cuartangojc/son1.html Affected software Microsoft Internet Explorer 4.01 Fixes Microsoft has released a fix : Microsoft Security Site http://www.microsoft.com/security/bulletins/ms98-015.asp Microsoft names the vulnerability as...