5719 matches found
[SECURITY] Fedora 21 Update: rubygem-sprockets-2.12.1-3.fc21
Sprockets is a Rack-based asset packaging system that concatenates and serv es JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS...
[SECURITY] Fedora 21 Update: roundcubemail-1.0.5-1.fc21
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Microsoft Internet Explorer CSS Regions Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Internet Explorer CGeneratedTreeNode Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Information disclosure
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack...
CVE-2014-9044
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack...
phpBB CSS Injection Vulnerability
phpBB is phpBB group developed a set of open-source use of PHP language development of Web forum software . The software has support for multiple languages , support for multiple databases and customized layout and so on. A CSS injection vulnerability exists in phpBB, which arises from the...
HackerOne: Vulnerability with the way \ escaped characters in <http://danlec.com> style links are rendered
Uh\ oh! Basic POC: Sequences like test\ are rendered as http://test Examples of what could be done with this: Obviously there's a whole variety of stuff that can be done when you can inject arbitrary HTML, even in spite of the CSP protection. We can put in elements we're not supposed to see above...
[SECURITY] Fedora 20 Update: roundcubemail-1.0.4-2.fc20
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 21 Update: roundcubemail-1.0.4-2.fc21
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Internet Explorer CSS Memory Corruption (MS09-002) - Ver2 (CVE-2009-0076)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in the way Microsoft Internet Explorer handles Cascading Style Sheets CSS. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTM...
eBay.com ocsnext CSS Injection
Exploit Title: eBay.com ocsnext sub-domain Reflected CSS injection Date: 20/12/2014 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ebay.com Version: / Category: Reflected CSS injection Google dork: Tested on: eBay.com ocsnext sub-domain Adobe description :...
Apple Safari 'Webkit' Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X
Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...
CVE-2014-8967
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets CSS token sequence specifying the run-in value for the display property, leading to improper CElement reference...
Design/Logic Flaw
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets CSS token sequence specifying the run-in value for the display property, leading to improper CElement reference...
CVE-2014-8967
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets CSS token sequence specifying the run-in value for the display property, leading to improper CElement reference...
CVE-2014-8967
CVE-2014-8967 is a Use-after-free in Microsoft Internet Explorer triggered by a crafted HTML/CSS token sequence (display: run-in), causing an improper CElement reference counting. The connected Nessus entry (MS15-009) confirms IE's remediation: apply security update 3034682 (and 3021952/3034196 a...
CVE-2014-7852
Cross-site scripting XSS vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file...
Cross site scripting
Cross-site scripting XSS vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file...