Lucene search

5743 matches found

CVE
added 2020/11/17 1:14 p.m., 62 views

CVE-2020-28687

CVE-2020-28687 affects ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0. The vulnerability arises from the edit profile functionality, which allows remote attackers (authenticated users) to upload arbitrary files, enabling a potential remote code execution via a crafted profile picture (e....

9 CVSS, 8.7 AI score, 0.11894 EPSS
Exploits 3, References 2, Affected Software 1
CVE
added 2020/11/17 1:14 p.m., 67 views

CVE-2020-28688

CVE-2020-28688 affects ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0. The vulnerability is in the add artwork functionality, which allows remote attackers to upload arbitrary files, potentially enabling remote code execution. The Exploit-DB PoC demonstrates an authenticated workflow to ...

9 CVSS, 8.7 AI score, 0.11894 EPSS
Exploits 3, References 2, Affected Software 1
Kaspersky
added 2020/11/17 12:0 a.m., 44 views

KLA12012 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, obtain sensitive information, bypass security restrictions, spoof user interface. Below is a...

9.6 CVSS, 10 AI score, 0.5063 EPSS
Exploits 3, References 4
Hacker One
added 2020/11/11 2:32 p.m., 11 views

Rocket.Chat: CSS Injection in Message Avatar

The custom message avatars in the Meteor.method "sendMessage" can contain inline CSS that influences the resulting HTML element rendering. Escaping the input with "none;" allows further CSS to be applied to the elements inline styles, without requiring certain characters such as whitespace...

6.8 AI score
Exploits 0
Kitploit
added 2020/10/30 11:30 a.m., 66 views

eDEX-UI - A Cross-Platform, Customizable Science Fiction Terminal Emulator With Advanced Monitoring & Touchscreen Support

eDEX-UI is a fullscreen, cross-platform terminal emulator and system monitor that looks and feels like a sci-fi computer interface. Heavily inspired from the TRON Legacy movie effects especially the Board Room sequence, the eDEX-UI project was originally meant to be "DEX-UI with less « art » and...

7.7 AI score
Exploits 0, References 16
Kitploit
added 2020/10/26 11:30 a.m., 176 views

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...

7.2 AI score
Exploits 0, References 2
Openbugbounty
added 2020/10/20 8:54 a.m., 11 views

seddisli.com Cross Site Scripting vulnerability OBB-1427994

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits 0
Openbugbounty
added 2020/10/09 7:54 a.m., 10 views

shinbon.co.kr Cross Site Scripting vulnerability OBB-1392332

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits 0
RedHat Linux
added 2020/09/29 10:24 p.m., 4 views

libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c

A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability...

7.1 CVSS, 7.1 AI score, 0.02319 EPSS
Exploits 1, References 4
Ubuntu
added 2020/09/25 5:3 p.m., 47 views

USN-4543-1: Sanitize vulnerability

Michał Bentkowski discovered that Sanitize did not properly sanitize some math or svg HTML under certain circumstances. A remote attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. CVE-2020-4054...

7.3 CVSS, 7 AI score, 0.01853 EPSS
Exploits 0
Kaspersky
added 2020/09/22 12:0 a.m., 70 views

KLA11963 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to . Below is a complete list of vulnerabilities: 1. Use after free vulnerability can be exploited to denial of service. 2. Security UI vulnerability can be exploited to spoof user interface...

8.8 CVSS, 9.2 AI score, 0.01961 EPSS
Exploits 0, References 3
NVD
added 2020/09/21 8:15 p.m., 12 views

CVE-2020-6539

Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS, 0.00982 EPSS
Exploits 0, References 4
UbuntuCve
added 2020/09/21 8:15 p.m., 22 views

CVE-2020-6539

Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS, 7.2 AI score, 0.00982 EPSS
Exploits 0, References 1
OSV
added 2020/09/21 8:15 p.m., 0 views

UBUNTU-CVE-2020-6539

Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS, 5.8 AI score, 0.00982 EPSS
Exploits 0, References 2
Cvelist
added 2020/09/21 7:6 p.m., 15 views

CVE-2020-6539

Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.9 AI score, 0.00982 EPSS
Exploits 0, References 4
CVE
added 2020/09/21 7:6 p.m., 209 views

CVE-2020-6539

CVE-2020-6539 refers to a use-after-free in CSS handling in Google Chrome prior to 84.0.4147.105, enabling potential remote code execution via a crafted HTML page. The vulnerability affects Chrome’s CSS engine and could allow heap corruption leading to arbitrary code execution, with impact descri...

8.8 CVSS, 8.8 AI score, 0.00982 EPSS
Exploits 0, References 4, Affected Software 1
Veracode
added 2020/09/21 6:40 a.m., 38 views

Cross-site Scripting (XSS)

firefox is vulnerable to cross-site scripting (XSS). The vulnerability exists when pasting a tag from the clipboard into a rich text editor, and the CSS sanitizer does not escape characters, and when a webpage subsequently copies the node's innerHTML, and assigns it to another innerHTML...

6.1 CVSS, 7.1 AI score, 0.01988 EPSS
Exploits 0, References 25, Affected Software 4
Veracode
added 2020/09/21 6:37 a.m., 38 views

Injection Attacks

thunderbird is vulnerable to injection attacks. The vulnerability exists as the CSS sanitizer incorrectly rewrites a @namespace rule when pasting a tag from the clipboard into a rich text editor...

6.1 CVSS, 7.5 AI score, 0.01988 EPSS
Exploits 0, References 25, Affected Software 4
Veracode
added 2020/09/21 6:31 a.m., 21 views

Arbitrary Code Injection

firefox is vulnerable to arbitrary code injection. When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy...

5.3 CVSS, 3.5 AI score, 0.01174 EPSS
Exploits 0, References 2, Affected Software 4
Kaspersky
added 2020/09/16 12:0 a.m., 74 views

KLA12007 Multiple vulnerabilities in Apple iTunes

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An out-of-bounds write vulnerability in ImageIO can be exploited...

9.3 CVSS, 9.8 AI score, 0.02888 EPSS
Exploits 2, References 3