81 matches found
The vulnerability of the Mozilla Firefox browser, related to security configuration errors, allows attackers to circumvent existing security restrictions.
The vulnerability of the Mozilla Firefox browser is related to errors in the configuration of security rules for iframe-based tables in XSLT stylesheets. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions by using iframes to bypass limitations such as...
Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...
Mozilla Firefox 安全特征问题漏洞
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature problem in which iframe sandboxing rules are not properly applied to XSLT style sheets and an attacker can use the vulnerability to bypass implemented security restrictio...
SAP NetWeaver Knowledge Management Configuration Service 操作系统命令注入漏洞
SAP NetWeaver Knowledge Management Configuration Service is a knowledge management solution configuration service from SAP, Germany. An operating system command injection vulnerability exists in SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, which allows...
The vulnerability in the nsAutoPtr function of browsers like Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to cause a service failure.
The vulnerability of the nsAutoPtr function in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after document processing using the XSLT Extensible Stylesheet Language Transformations language. Exploiting this vulnerability can allow an...
Palo Alto Networks PAN-OS Buffer Overflow Vulnerability (CNVD-2020-31586)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in the XSLT processing logic in Palo Alto Networks PAN-OS. An attacker could exploit this vulnerability to upload and execute malicious files with...
The vulnerability of the XSLT (Extensible Stylesheet Language Transformations) implementation of the Apache Syncope system allows a attacker to read the file, write to the file, or execute arbitrary code.
The vulnerability of the XSLT Extensible Stylesheet Language Transformations implementation of the Apache Syncope system’s digital identifier management mechanism is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to read files, write files, or...
Stack-based Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Use After Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
GHSA-H6RP-8V4J-HWPH Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
CVE-2018-5177
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox 60...
Mozilla Firefox XSLT Buffer Overflow Vulnerability
Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A buffer overflow vulnerability exists in XSLT in Mozilla Firefox during number formatting. An attacker could exploit this vulnerability to cause a denial of service...
Apache Syncope Remote Code Execution Vulnerability
Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. A security vulnerability exists in Apache Syncope versions 1.2.x...
The vulnerability of XSLT programs for viewing and editing PDF files in Adobe Reader, Adobe Acrobat Document Cloud, Adobe Acrobat, and Adobe Reader Document Cloud allows attackers to execute arbitrary code.
The vulnerability of XSLT programs for viewing and editing PDF files in Adobe Reader, Adobe Acrobat Document Cloud, Adobe Acrobat, and Adobe Reader Document Cloud arises from operations that go beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...
Mozilla: Use-after-free in XSL (MFSA 2017-02)
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-2970
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution...