79 matches found
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in WordPress PDF Flipbook, 3D Flipbook, DearFlip plugin versions prior to 1.7.10, which stems from not escaping the class attribute of its shortcode before outputting back to the attribut...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
OrbiTeam BSCW Classic Security Vulnerability
OrbiTeam BSCW Classic is OrbiTeam Software GmbH's versatile system for any application. A security vulnerability in OrbiTeam BSCW Classic versions prior to 7.4.3, which could be exploited by an attacker to provide Python code in the class attribute of a .BSCW file to execute authenticated Remote...
Prismatic < 2.8 - Contributor+ Stored XSS
The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggerable in the frontend, however, higher...
GitLab: Stored XSS in blob viewer
Summary: I found a Stored-XSS in blob viewer when viewing a json file. In particular, when viewing an openapi file, openapiviewer is called to transfer the file's data to SwaggerUIBundle to render. SwaggerUIBundle does its job when rendering graphical representation of the openapi's content. It also...
Denial Of Service (DoS)
bind is vulnerable to denial of service. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioni...
GitLab: Unfiltered `class` attribute in markdown code
This affects merge request/issue comments and probably other parts of the user interface. I am demonstrating PoCs on GitLab.com itself, as they don't affect anything outside of my test repo, which is private. It could be used to execute some js actions by constructing content that uses the...
ISC BIND named Denial of Service Vulnerability
ISC BIND is a set of open source software, maintained by the United States Internet Systems Consortium (ISC), that implements the DNS protocol. A security vulnerability exists in the db.c file in named in ISC BIND versions 9.x prior to 9.9.8-P2 and 9.10.x prior to 9.10.3-P2. The vulnerability can...
ISC BIND 9.x < 9.9.8-P2 / 9.10.x < 9.10.3-P2 Response Parsing Class Attribute Handling DoS
According to its self-reported version number, the remote installation of BIND is affected by a denial of service vulnerability due to improper parsing of incorrect class attributes in db.c. An unauthenticated, remote attacker can exploit this, via a malformed class attribute, to trigger a REQUIR...
bind: responses with a malformed class attribute can trigger an assertion failure in db.c
A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...
bind: responses with a malformed class attribute can trigger an assertion failure in db.c
A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...
CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute...
DEBIAN-CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute...
CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute...
UBUNTU-CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute...
FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)
Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library...
Google Chrome < 17.0.963.65 Multiple Vulnerabilities
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library. Cred...
Debian Security Advisory DSA 043-1 (zope)
The remote host is missing an update to zope announced via advisory DSA 043-1. OpenVAS Vulnerability Test $Id: deb0431.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 043-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...