5719 matches found
CVE-2013-2844
Use-after-free vulnerability in the Cascading Style Sheets CSS implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution...
CVE-2013-2844
CVE-2013-2844 describes a use-after-free in the CSS implementation of Chromium/Chrome prior to version 27.0.1453.93, which could allow a remote attacker to cause a denial of service or possibly other impact via style-resolution vectors. Public sources in the connected documents confirm Chromium/C...
[SECURITY] Fedora 19 Update: drupal7-ctools-1.3-1.fc19
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pa ges. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
Microsoft Internet Explorer CSS导入处理拒绝服务漏洞
Microsoft Internet Explorer是一款流行的WEB浏览器 Microsoft Internet Explorer处理特制的CSS导入存在一个段错误,允许攻击者构建恶意WEB页,诱使用户解析,使应用程序崩溃。 此漏洞需要用户一些交互才能触发,并且目前来看不能用于执行代码 0 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 厂商解决方案 目前没有详细解决方案提供: http://www.microsoft.com/...
Microsoft Internet Explorer DoS
Crash on recursive CSS inclusion...
DoS vulnerability in Internet Explorer (access violation)
Hello 3APA3A! I want to warn you about Denial of Service vulnerabilities in Internet Explorer. This is access violation. I've made the exploit and tested this vulnerability at 13.02.2013. This exploit is based on video by TheSecuritylab for IE7. As I've tested, it also works in IE6 and IE8...
[SECURITY] Fedora 17 Update: drupal7-ctools-1.3-1.fc17
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pa ges. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
[SECURITY] Fedora 18 Update: drupal7-ctools-1.3-1.fc18
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pa ges. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
[SECURITY] Fedora 17 Update: roundcubemail-0.8.6-1.fc17
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 18 Update: roundcubemail-0.8.6-1.fc18
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
A cross-site scripting XSS flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack...
Mozilla Firefox ESR Code Execution Vulnerabilities (Nov 2012) - Mac OS X
Mozilla Firefox ESR is prone to multiple code execution vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field Part of Ask Question form =================== We don't need the captcha Image when we have this xD Request from Ask Question area X...
DEBIAN-CVE-2013-1855
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
CVE-2013-1855
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
CVE-2013-0206
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...
CVE-2013-0206
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...
Unrestricted file upload
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...
CVE-2013-0206
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...
CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...