
8423 matches found

NVD
added 2017/12/20 2:29 p.m. | 27 views

CVE-2017-14836

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.0259
Exploits: 0 | References: 2

NVD
added 2017/12/20 2:29 p.m. | 24 views

CVE-2017-16581

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.0259
Exploits: 0 | References: 2

ATTACKERKB
added 2017/12/20 2:29 p.m. | 2 views

CVE-2017-16581

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.0259
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2017/12/20 2:29 p.m. | 16 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.0259
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/12/20 2:29 p.m. | 17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.0259
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/12/20 2:29 p.m. | 18 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.0259
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/12/20 2:00 p.m. | 57 views

CVE-2017-16581

Foxit Reader 8.3.2.25013 is affected by CVE-2017-16581. The vulnerability is a remote code execution flaw in the author attribute of the Document object due to not validating the existence of an object before performing operations. Exploitation requires user interaction (visiting a malicious page...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.0259
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2017/12/20 2:00 p.m. | 31 views

CVE-2017-14836

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate...

AI score: 8.8 | EPSS: 0.0259
Exploits: 0 | References: 2

Tenable Nessus
added 2017/12/07 12:00 a.m. | 38 views

CentOS 7 : sssd (CESA-2017:3379)

An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.01499
Exploits: 0 | References: 2

Cvelist
added 2017/12/05 5:00 p.m. | 19 views

CVE-2017-14899

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occu...

AI score: 7.4 | EPSS: 0.00138
Exploits: 0 | References: 1

Veracode
added 2017/12/04 4:12 a.m. | 25 views

Cross-site Scripting (XSS)

WordPress is vulnerable to cross-site scripting (XSS) attacks. Attackers can use the lang attribute of an HTML element to conduct XSS attacks when setting the language of a site...

CVSS: 5.4 | AI score: 6 | EPSS: 0.02376
Exploits: 0 | References: 7 | Affected Software: 1

CNVD
added 2017/12/04 12:00 a.m. | 2 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-38249)

WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system (CMS). A cross-site scripting vulnerability exists in WordPress before 4.9.1. The vulnerability...

CVSS: 5.4 | AI score: 6 | EPSS: 0.02376
Exploits: 0 | References: 1

UbuntuCve
added 2017/12/02 6:29 a.m. | 26 views

CVE-2017-17093

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.02376
Exploits: 0 | References: 4

OSV
added 2017/12/02 6:29 a.m. | 1 view

UBUNTU-CVE-2017-17093

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.02376
Exploits: 0 | References: 5

OSV
added 2017/12/02 6:29 a.m. | 1 view

DEBIAN-CVE-2017-17093

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.02376
Exploits: 0 | References: 1

CVE
added 2017/12/02 6:00 a.m. | 165 views

CVE-2017-17093

CVE-2017-17093 affects WordPress prior to 4.9.1, specifically wp-includes/general-template.php where the lang attribute of an HTML element is not properly restricted. This design flaw can enable cross-site scripting (XSS) via the site language setting. The vulnerability is addressed by WordPress ...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.02376
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2017/12/02 6:00 a.m. | 22 views

CVE-2017-17093

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...

AI score: 6.5 | EPSS: 0.02376
Exploits: 0 | References: 7

Debian CVE
added 2017/12/02 6:00 a.m. | 28 views

CVE-2017-17093

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.02376
Exploits: 0

OSV
added 2017/11/29 6:52 p.m. | 11 views

MGASA-2017-0429 Updated mediawiki packages fix security vulnerabilities

XSS when $wgShowExceptionDetails = false and browser sends non-standard URL escaping (CVE-2017-8808). Reflected File Download from api.php (CVE-2017-8809). On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password (CVE-2017-8810). It's possible to...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.99999
Exploits: 19 | References: 3

WPVulnDB
added 2017/11/29 12:00 a.m. | 29 views

WordPress 4.3.0-4.9 - HTML Language Attribute Escaping

...

CVSS: 3.5 | AI score: 0.6 | EPSS: 0.02376
Exploits: 0 | References: 2 | Affected Software: 1