EUVD-2012-5102

Malware in sbrugna...

EUVD-2013-3070

Malware in sbrugna...

EUVD-2013-3109

Malware in sbrugna...

EUVD-2013-2262

Malware in sbrugna...

EUVD-2021-3291

Malicious code in bioql PyPI...

EUVD-2024-0870

Malicious code in bioql PyPI...

ASB-A-199678035

In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

July 2014 update for Microsoft Silverlight 5

July 2014 update for Microsoft Silverlight 5 Should I install this update This update is released on July 23, 2014 and offers a new build version 5.1.30514.0 of Microsoft Silverlight. For more information about Silverlight, see the What is Silverlight section. If you have Silverlight installed, o...

WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. Title: WebKitGTK+ win = window.open"sleeponesecond.php...

New Relic: Stored XSS in Brower `name` field reflected in two pages

The Name field of the Brower apps feature is not properly escaped in at least two pages. An attacker can create a new browser application with a specially crafted Name field which will be reflected and interpreted by other users visiting these two pages. Leveraging this vulnerability, I was able ...

CVE-2015-2504

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to 1 execute arbitrary code via a crafted XAML browser application XBAP or 2 bypass Code Access Security restrictions via a crafted...

Privilege escalation

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to 1 execute arbitrary code via a crafted XAML browser application XBAP or 2 bypass Code Access Security restrictions via a crafted...

Design/Logic Flaw

The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open'\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser...

CVE-2013-3171

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

CVE-2013-3132

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application, aka...

Design/Logic Flaw

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application, aka "Anonymous Method...

CVE-2013-3171

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002)

A buffer overflow vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to a race condition when handling the size of an array of objects prior to copying them into a global memory buffer.An attacker can remotely exploit this vulnerability by enticing a user to...

Microsoft .NET Framework WinForms Information Disclosure (CVE-2013-0001)

A remote code execution vulnerability has been reported in the Microsoft .NET Framework. The vulnerability is due to the way WinForms handles pointers to unmanaged memory locations.A remote, unauthenticated attacker can exploit this vulnerability by either enticing a user to visit a maliciously...

Privilege escalation

The Windows Forms aka WinForms component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 ...