5719 matches found
CVE-2012-2857
The CVE-2012-2857 entry describes a use-after-free in the CSS DOM implementation of Google Chrome. Affected versions are Chrome before 21.0.1180.57 on Mac OS X and Linux and before 21.0.1180.60 on Windows and Chrome Frame. The vulnerability can be triggered by a crafted document to cause a denial...
Scientific Linux Security Update : kdelibs on SL3.x i386/x86_64
A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS-equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary...
Google Chrome < 21.0.1180.60 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 21.0.1180.60 and is, therefore, affected by the following vulnerabilities: - Re-prompts are not displayed for excessive downloads. (CVE-2012-2847) - Drag and drop file access restrictions are not restrictive enough...
Scientific Linux Security Update : squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64
A server-side code injection flaw was found in the SquirrelMail 'map_yp_alias' function. If SquirrelMail was configured to retrieve a user's IMAP server address from a Network Information Service (NIS) server via the 'map_yp_alias' function, an unauthenticated, remote attacker using a specially crafted...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513...
Scientific Linux Security Update : kdelibs on SL4.x, SL5.x i386/x86_64
A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS-equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary...
Google Chrome < 21.0.1180.60 Multiple Vulnerabilities
Binary data 800901.prm...
Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code wi...
CentOS Update for firefox CESA-2011:0885 centos5 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
CentOS Update for firefox CESA-2011:0885 centos5 x86_64
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2011:0885 centos5 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for firefox CESA-2011:0885 centos4 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
CVE-2012-3691
WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2012-3691
CVE-2012-3691 affects WebKit-based Safari on iOS (and Safari on macOS) where WebKit’s handling of CSS property values caused a cross-origin issue that could bypass the Same Origin Policy when visiting a crafted site. The vulnerability enables cross-origin information exposure due to improper orig...
Forum Oxalis <= 0.1.2 SQL Injection Vulnerability
Exploit for php platform in category web applications Forum Oxalis 0.1.2 Vendor information: "Forum Oxalis is a minimalis GPL PHP forum using CSS." Vendor URI: http://developer.berlios.de/projects/forumoxalis/ Risk-level: High The application is prone to a remote SQL injection vulnerability...
CVE-2011-4293
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified...
Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)
Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050) toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory -...
Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)
toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory - http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html Introduction The toStaticHTML component,...
toStaticHTML HTML Sanitizing Bypass
toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory - http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html Introduction The toStaticHTML component,...
Forum Oxalis 0.1.2 SQL Injection
Forum Oxalis 0.1.2 Vendor information: "Forum Oxalis is a minimalis GPL PHP forum using CSS." Vendor URI: http://developer.berlios.de/projects/forumoxalis/ Risk-level: High The application is prone to a remote SQL injection vulnerability. ------------------------------------- func.php, line 72:...
CVE-2012-2829
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element...