8416 matches found

Source: FreeBSD (added 2016/05/06 12:00 a.m., 36 views)

roundcube -- XSS vulnerability

Roundcube reports: Fix XSS issue in href attribute on area tag 5240...

AI score: 1.5
Exploits: 0, References: 2
Source: UbuntuCve (added 2016/05/04 12:00 a.m., 36 views)

CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627...

CVSS: 7.5, AI score: 6.7, EPSS: 0.06165
Exploits: 1, References: 3
Source: OSV (added 2016/04/28 10:59 p.m., 2 views)

CVE-2016-1386

The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.01 allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01061
Exploits: 0, References: 2
Source: Prion (added 2016/04/28 10:59 p.m., 16 views)

Code injection

The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.01 allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521...

CVSS: 5, AI score: 7.1, EPSS: 0.01061
Exploits: 0, References: 2, Affected software: 1
Source: NVD (added 2016/04/28 10:59 p.m., 18 views)

CVE-2016-1386

The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.01 allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01061
Exploits: 0, References: 2
Source: BDU FSTEC (added 2016/04/25 12:00 a.m., 4 views)

Vulnerability in the Apache Struts software platform that allows an attacker to execute arbitrary code

The vulnerability in the Apache Struts software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the character sequence "%" in a tag attribute...

CVSS: 10, AI score: 8, EPSS: 0.08812
Exploits: 0, References: 3, Affected software: 1
Source: RedHat Linux (added 2016/04/21 2:42 p.m., 3 views)

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

CVSS: 5, AI score: 7.3, EPSS: 0.038
Exploits: 0, References: 5
Source: RedHat Linux (added 2016/04/21 1:46 p.m., 4 views)

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

CVSS: 5, AI score: 7.3, EPSS: 0.038
Exploits: 0, References: 5
Source: RedHat Linux (added 2016/04/20 7:34 p.m., 55 views)

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 10, AI score: 6.8, EPSS: 0.92334
Exploits: 1, References: 7
Source: NVD (added 2016/04/12 4:59 p.m., 24 views)

CVE-2016-0785

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation...

CVSS: 9, AI score: 8.8, EPSS: 0.08812
Exploits: 0, References: 3
Source: CVE (added 2016/04/12 4:00 p.m., 92 views)

CVE-2016-0785

CVE-2016-0785 affects Apache Struts 2.x; the vulnerability arises from a double OGNL evaluation in tag attributes (forced OGNL). Affected versions include Struts 2.x before 2.3.29 (with references across IBM advisories and OSVs). Exploitation status is not detailed in the provided documents. Remediat...

CVSS: 9, AI score: 8.7, EPSS: 0.08812
Exploits: 0, References: 3, Affected software: 1
Source: Cvelist (added 2016/04/12 4:00 p.m., 27 views)

CVE-2016-0785

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation...

AI score: 8.8, EPSS: 0.08812
Exploits: 0, References: 3
Source: CNVD (added 2016/04/12 12:00 a.m., 3 views)

Zimbra Collaboration Server Mail Interface Cross-Site Request Forgery Vulnerability

Zimbra Collaboration Server (ZCS) is a suite of email and collaboration solutions from Zimbra, USA. The solution provides email, contacts, calendaring, file sharing, social networking, and more. A cross-site request forgery vulnerability exists in the Mail interface of Zimbra Collaboration Server...

CVSS: 8.8, AI score: 6.8, EPSS: 0.02989
Exploits: 5, References: 1
Source: myhack58 (added 2016/04/08 12:00 a.m., 59 views)

The exception within the exception: using the system's exception handling mechanism to achieve an unexpected exploit - vulnerability warning - the black bar safety net

Memory read, write and execute attributes are among the most important mechanisms of system security. Usually, if you want to overwrite data in memory, you must first ensure that the block of memory has the write attribute; if you want to execute a piece of code in memory, you must first ensure...

AI score: 7.7
Exploits: 0
Source: Zero Day Initiative (added 2016/03/23 12:00 a.m., 24 views)

Foxit PhantomPDF ListBox value Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS: 6.8, AI score: 7
Exploits: 0, References: 1
Source: CNVD (added 2016/03/16 12:00 a.m., 3 views)

Apache Struts2 Remote Code Execution Vulnerability

Apache Struts is an open source framework for creating enterprise-class Java Web applications, maintained by the Apache Software Foundation of the United States. A security vulnerability exists in Apache Struts versions 2.0.0 through 2.3.24.1, which stems from the program performi...

CVSS: 9, AI score: 9.1, EPSS: 0.08812
Exploits: 0, References: 1
Source: RedHat Linux (added 2016/03/15 8:56 p.m., 6 views)

rubygem-activerecord: Nested attributes rejection proc bypass in Active Record

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes...

CVSS: 5.3, AI score: 7.1, EPSS: 0.0425
Exploits: 0, References: 6
Source: RedHat Linux (added 2016/03/15 8:55 p.m., 8 views)

rubygem-activerecord: Nested attributes rejection proc bypass in Active Record

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes...

CVSS: 5.3, AI score: 7.1, EPSS: 0.0425
Exploits: 0, References: 6
Source: Hacker One (added 2016/03/15 11:59 a.m., 22 views)

HackerOne: Possible XSS

Hi, I opened this report as soon as I had read https://mathiasbynens.github.io/rel-noopener/ It doesn't necessarily affect HackerOne, nor have I given it enough time to get a working DOM manipulation. But since Markdown allows creating target attributes on anchor tags, it may be possible to get...

AI score: 6.9
Exploits: 0
Source: OSV (added 2016/03/13 6:59 p.m., 2 views)

DEBIAN-CVE-2016-2799

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font...

CVSS: 8.8, AI score: 9.2, EPSS: 0.04907
Exploits: 0, References: 1