5713 matches found
CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer...
DEBIAN-CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer...
Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must visit a website or open a malicious document. The specific flaw exists within the way Webkit implements the 'first-letter' css style...
FreeBSD : mediawiki -- two security vulnerabilities (fc55e396-6deb-11df-8b8e-000c29ba66d2)
Two security vulnerabilities were discovered: Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer. A CSRF vulnerability was discovered...
mediawiki -- two security vulnerabilities
Two security vulnerabilities were discovered: Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer. A CSRF vulnerability was discovered ...
Arbitrary UNC file read in IE 8
Internet Explorer is vulnerable to a drive-by arbitrary UNC file read, with the usual consequences (local account password disclosure, etc.) as in IE6 before SP1. It is in ICMFilter, which is accessible via the CSS filter property. Sample exploit code: div...
New Tabbed Browsing Phishing Attack Exploits User Trust
A researcher has developed a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab. The attack, demonstrated by Aza Raskin of Mozilla, could be use...
Internet Explorer CSS Import Cross-Domain Restriction Bypass (MS06-021; CVE-2005-4089)
Microsoft Internet Explorer (IE) is a web browser capable of displaying HTML encoded pages, downloading files, etc. This application has a built-in JavaScript interpreter. It is also capable of using Cascading Style Sheets (CSS). A Cross-Domain vulnerability exists in Microsoft Internet Explorer...
Apple Safari 4.0.3 (Win32) CSS Remote Denial Of Service Exploit
No description provided by source. Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit. In The Name Of Allah. Apple Safari 4.0.3 Win32 CSS Remote Denial Of Servi...
Apple Safari 4.0.3 CSS Denial Of Service
Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit. In The Name Of Allah. Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit. Tested on Safari 4.0.3.0...
Apple Safari 4.0.3 (Win32) CSS Remote Denial Of Service Exploit
Exploit for Windows platform in category dos / poc. Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit. In The Name Of Allah. Apple Safari 4.0.3 Win32 CSS Remote...
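MediaWiki >= 1.5 CSS Validation Information Disclosure Vulnerability
BUGTRAQ ID: 38621 CVE ID: CVE-2010-1189 MediaWiki is a well-known wiki application that runs in a PHP+MySQL environment. MediaWiki's CSS validation feature does not prevent wiki editors from linking to images on other websites in wiki pages, which allows an editor to obtain sensitive information about wiki users, such as IP addresses, by adding a link to an image hosted on a malicious website. MediaWiki = 1.5 Vendor patch: Debian ------ Debian has released a security advisory (DSA-2022-1) and corresponding patches for this issue: DSA-2022-1:New mediawiki packages fix several...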
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2)
Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit. In The Name Of Allah. Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit. Tested on Safari 4.0.3.0...
Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service (2)
Apple Safari 4.0.3 Windows x86 - CSS Remote Denial of Service 2. Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit. In The Name Of Allah. Apple Safari 4.0.3 Win...
openSUSE Security Update : mediawiki (openSUSE-SU-2010:0154-1)
MediaWiki was prone to a CSS validation flaw and data leakage vulnerability (CVE-2010-1189, CVE-2010-1190). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update mediawiki-2356. The text description o...
DynPG CMS Multiple Remote File Inclusion Vulnerability
Hack0wn! Security Project...
Internet Explorer HTML CSS Tag Rendering Memory Corruption (MS10-018; CVE-2010-0807)
A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has been deleted. To trigger this issue, an attacker may create a malicious web page that will cause Internet Explorer to exit unexpectedly...
DynPG CMS 4.1.0 - Multiple Vulnerabilities
DynPG CMS v4.1.0 Multiple Vulnerability...