8434 matches found
Cross site scripting
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
jQuery Denial of Service Vulnerability
jQuery is an American programmer John Resig developed a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript , and has a modular , plug-in extensions and other features . A denial of service vulnerability exists in versions of...
GHSA-MHPP-875W-9CPV Denial of Service in jquery
Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition. Recommendation Upda...
Denial of Service in jquery
Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition. Recommendation Upda...
Cross-site Scripting (XSS)
primesfaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as the label in the SelectCheckboxMenuRenderer attribute is not sanitized...
Stack overflow
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service DoS due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit...
CVE-2016-10707
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service DoS due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit...
CVE-2016-10707
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service DoS due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit...
CVE-2016-10707
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service DoS due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit...
CVE-2016-10707
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service DoS due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit...
CVE-2016-10707
Removed by vendor...
Wecon LeviStudioU General FigureFile Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...
Denial of Service in jquery
Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition. Recommendation Upda...
Wecon LeviStudioU G_bmp szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...
Wecon LeviStudioU MulStatus szFilename Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...
Shibboleth 2 XML Injection Vulnerability
RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the document's signature. This might lead to a complete bypass o...
FreeBSD : shibboleth-sp -- vulnerable to forged user attribute data (3dbe9492-f7b8-11e7-a12d-6cc21735f730)
Shibboleth consortium reports : Shibboleth SP software vulnerable to forged user attribute data The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type...
Information disclosure
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...
UBUNTU-CVE-2018-0486
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...