libxml2: double-free caused by malformed XPath expression in XSLT

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

xmlsec1: arbitrary file creation when verifying signatures

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

SQL-Ledger 2.8.33 Local File Inclusion

Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33 Tested on: Ubuntu Server 10.04 CVE :...

SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion Edit

SQL-Ledger 2.8.33 - Authenticated Local File Inclusion Edit Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link:...

SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit

Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33 Tested on: Ubuntu Server 10.04 CVE :...

DEBIAN-CVE-2011-1401

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...

CVE-2011-1401

ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted Cascading Style Sheets CSS token sequences in 1 the default...

DEBIAN-CVE-2011-1492

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets CSS stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain...

CVE-2011-1492

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets CSS stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain...

Google Fixes 19 Bugs in Chrome, Pays $14K in Bug Bounties

Google has released version 9.0.597.107 of its Chrome browser, fixing 19 security vulnerabilities and paying $14,000 in rewards to researchers in the process. The new version of Chrome, which Google released on Monday afternoon, includes fixes for 16 high-severity vulnerabilities and three bugs...

OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files

Multiple directory traversal vulnerabilities in OpenOffice.org OOo 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. dot dot in an entry in 1 an XSLT JAR filter description file, 2 an Extension aka OXT file, or unspecified other 3 JAR or 4 ZIP files...

Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

PT-2010-4739 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8 Description: A use-after-free issue in the CAttrArray::PrivateFind function in mshtml.dll allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet...

Mozilla Integer Overflow in XSLT Node Sorting

Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node...

firefox: cross-domain information disclosure

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which...

Mozilla Integer Overflow in XSLT Node Sorting

Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node...

Mozilla Integer Overflow in XSLT Node Sorting

Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node...

Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CStyleSheet object. When a style sheet...

Mozilla Firefox缓存XUL样式表更改浏览器UI漏洞

BUGTRAQ ID: 38922 CVECAN ID: CVE-2010-0169 Firefox是一款流行的开源WEB浏览器。 远程XUL文档所使用的样式表可能会污染用户的XUL缓存，而浏览器Chrome之后会使用这个缓存确定用户界面的样式。恶意网站可以利用这个漏洞更改浏览器的样式属性，如字体大小和颜色。 Mozilla Firefox 3.6 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla Thunderbird 3.0 Mozilla SeaMonkey 2.0 厂商补丁： Mozilla -------...

CVE-2010-0169

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...