ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability

ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-098 March 2, 2011 -- CVE ID: CVE-2011-0132 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Vulnerabili...

Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way th...

Google Chrome < 9.0.597.107 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 9.0.597.107. Such versions are reportedly affected by multiple vulnerabilities : - An unspecified error exists in the URL bar operations which can allow spoofing attacks. Issue 54262 - An unspecified error exists in the...

CVE-2011-1109

Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets CSS stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."...

Null pointer dereference

Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets CSS stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."...

CVE-2011-1109

Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets CSS stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."...

CVE-2011-1109

Removed by vendor...

CVE-2011-1109

CVE-2011-1109 affects Google Chrome prior to 9.0.597.107. It describes a vulnerability in how CSS stylesheet nodes are processed, which can lead to a denial of service or unspecified impact via a stale pointer. The exact exploit vectors are not detailed in the provided documents. The CVSS base sc...

Web Server CSS Hosted on 3rd-party Server

Binary data 5800.prm...

MediaWiki CSS Comments XSS

There is a cross-site scripting vulnerability in this installation of MediaWiki that may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user. Such script code could steal authentication credentials and be used to launch other attacks. This version of MediaWik...

FreeBSD : opera -- multiple vulnerabilities (2eda0c54-34ab-11e0-8103-00215c6a37bb)

Opera reports : Opera 11.01 is a recommended upgrade offering security and stability enhancements. The following security vulnerabilities have been fixed : - Removed support for 'javascript:' URLs in CSS -o-link values, to make it easier for sites to filter untrusted CSS. - Fixed an issue where...

Internet Explorer CSS Recursive Import Use After Free

$Id: ms11003iecssimport.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

FreeBSD : mediawiki -- multiple vulnerabilities (8d04cfbd-344d-11e0-8669-0025222482c5)

Medawiki reports : An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in '.php' which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite...

New Version of Eleonore Exploit Kit Released With New 0-Day Exploit

The creator of the infamous Eleonore exploit pack has released a new version of the attack toolkit, adding some new exploits, including one for a zero day vulnerability. The new version of Eleonore is selling for $2,000, a premium price even in the world of high-level exploit kits. Eleonore is on...

Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (MS11-003) (Metasploit)

$Id: ms11003iecssimport.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Opera Browser Multiple Vulnerabilities Feb-11 (Windows)

The host is installed with Opera browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnwinfeb11.nasl 7052 2017-09-04 11:50:51Z teissa $ Opera Browser Multiple Vulnerabilities Feb-11 Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Network...

CVE-2011-0047

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets CSS comments, aka "CSS injection vulnerability."...

DEBIAN-CVE-2011-0047

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets CSS comments, aka "CSS injection vulnerability."...

CVE-2011-0047

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets CSS comments, aka "CSS injection vulnerability."...

CVE-2011-0047

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets CSS comments, aka "CSS injection vulnerability."...