security flaw

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...

Re: Microsoft Media Player ASX Parser buffer overflow vulnerability

I found yet another bof condition in the ASX VERSION tag : an .ASX file with the contents : ASX VERSION="AAAAAAAAAAA ... AAAAAAA" crashes MPLAYER 6.4 in dxmasf.dll... greetz, ByteRage [email protected] http://elf.box.sk/byterage REVELATION: HREF attribute of BANNER tag can be abused to smash our...

Cisco IOS BGP Attribute Corruption Vulnerability

...

HM Software S to Infinity 3.0 - Multiple Vulnerabilities

HM Software S to Infinity 3.0 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/1368/info A number of vulnerabilities exist in HM Software S to Infinity, a security access control, desktop lockdown and transparent encryption application. Intended features include restriction of...

Security Bulletin (MS00-033)

Microsoft Security Bulletin MS00-033 - -------------------------------------- Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities Originally Posted: May 17, 2000 Summary ======= Microsoft has released a comprehensive...

CVE-1999-0895

Firewall-1 does not properly restrict access to LDAP attributes...

Cross-Site Scripting

I've picked up on the work started over at 276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...

Security update 1970-01-01

...

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)

More info at https://symfony.com/cve-2026-45753...

Cross-Site Scripting

I've picked up on the work started over at https://github.com/erusev/parsedown/pull/276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggest...