5719 matches found
Mozilla Firefox CSS letter-spacing Heap Overflow - Ver2 (CVE-2006-1730)
A buffer overflow vulnerability has been reported in Mozilla Firefox. The vulnerability is due to an integer overflow leading to an insufficient buffer allocation while rendering the CSS spacing. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
Mozilla Firefox CSS letter-spacing Heap Overflow - Ver2 (CVE-2006-1730)
The Firefox web browser is an application designed for tasks related to browsing the web, such as displaying HTML-encoded pages, downloading files, and so forth. This application has a built-in JavaScript interpreter. It is also capable of using Cascading Style Sheets (CSS). There exists a heap bas...
Debian Security Advisory DSA 2891-1 (mediawiki, mediawiki-extensions - security update)
Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-2031 Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file. CVE-2013-4567 & CVE-2013-4568 Kevin Israel Wikipedia us...
Fedora Update for drupal7-ctools FEDORA-2014-2562
Check for the Version of drupal7-ctools OpenVAS Vulnerability Test Fedora Update for drupal7-ctools FEDORA-2014-2562 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Fedora Update for drupal7-ctools FEDORA-2014-2578
Check for the Version of drupal7-ctools OpenVAS Vulnerability Test Fedora Update for drupal7-ctools FEDORA-2014-2578 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
[SECURITY] Fedora 20 Update: drupal7-ctools-1.4-1.fc20
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
[SECURITY] Fedora 19 Update: drupal7-ctools-1.4-1.fc19
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
Fedora Update for drupal6-ctools FEDORA-2014-2531
Check for the Version of drupal6-ctools OpenVAS Vulnerability Test Fedora Update for drupal6-ctools FEDORA-2014-2531 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
HackerOne: CSS leaks SCSS debug info
Download CSS style sheet referenced from the HTML and do: grep -oP "file.:.?scss" application-facbdb64a504bb08ec272860320e1941.css | sort | uniq As you can see it exposes information about the file system, source CSS files and software used. See enclosed file for a dump of the output of the comma...
[SECURITY] Fedora 19 Update: drupal6-ctools-1.11-1.fc19
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...
SuSE Update for chromium openSUSE-SU-2014:0243-1 (chromium)
Check for the Version of chromium OpenVAS Vulnerability Test $Id: gbsuse201402431.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for chromium openSUSE-SU-2014:0243-1 chromium Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This...
chromium to 32.0.1700.102 (important)
Chromium was updated to version 32.0.1700.102: Stable channel update: - Security Fixes: CVE-2013-6649: Use-after-free in SVG images CVE-2013-6650: Memory corruption in V8 and 12 other fixes - Other: Mouse Pointer disappears after exiting full-screen mode Drag and drop files into Chromium may not...
Stable Channel Update
Chrome has been updated to 32.0.1700.102 for Windows, Mac, Linux and Chrome Frame. This update has fixes for the following issues: Mouse Pointer disappears after exiting full-screen mode. 317496 Drag and drop files into Chrome may not work properly. 332579 Quicktime Plugin crashes in Chrome. 3084...
vBulletin YUI 2.9.0 Cross Site Scripting
Author: TUNISIAN CYBER + Exploit Title: vBulletin YUI 2.9.0 Cross Site Scripting vulnerability + Date: 09-01-2014 + Category: WebApp + Google Dork: :inurl:"clientscript/yui/uploader/assets/" + Tested on: KaliLinux + Friend's blog: www.na3il.com +Description: YUI is a free, open source JavaScript...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handler...
CVE-2013-6997
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange OX AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handler...
[ MDVSA-2013:290 ] mediawiki
Mandriva Linux Security Advisory MDVSA-2013:290 http://www.mandriva.com/en/support/security/ Package: mediawiki Date: December 17, 2013 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: Kevin...
Open-Xchange Security Advisory 2014-01-06
Open-Xchange Security Advisory 2014-01-06 Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30203 (Bug ID) Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) Vulnerable version: 7.4.0 and earlier Vulnerable component: backend Fixe...
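Bypassing startbbs defenses to keep blind-XSSing the administrator (two methods)
Brief description: startbbs already has filtering measures against XSS, but there are ways to bypass them. Here I am again using the official site as the demo for testing, because the official site runs the latest version. Detailed description: The problem is in the body text box used when posting: the chance of a blind hit is very high. I tested ordinary HTML code and found that only the img tag is left and everything else is filtered, so the only thing that can be put to use on img is the on-series of events. I tried testing as before Posting the code above, I found it was filtered into the following: I tried using the javascript: pseudo-protocol to trigger it: but it was again filtered into this: That is, the usual approach of inserting x into sensitive strings to disable events and similar features. At this point I had no leads for the time being. A few days later I suddenly remembered that Sina Mail's filtering used to work the same way. ...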
CVE-2013-6388
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS...