Lucene search

5743 matches found

Cvelist
added 2019/09/11 10:55 p.m., 24 views

CVE-2019-16250

includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets CSS token sequence...

AI score 7.8, EPSS 0.01364
Exploits: 1, References: 1

CNVD
added 2019/09/11 12:0 a.m., 3 views

WordPress Ocean Extra plugin input validation error vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Ocean Extra is a plugin used to add extensions to the Ocean theme. An input validation error vulnerability exists in the...

CVSS 7.5, AI score 6.7, EPSS 0.01364
Exploits: 1, References: 1

NVD
added 2019/09/10 12:15 p.m., 20 views

CVE-2017-18611

The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWPCreateCustomFieldPage.php custom-field-css parameter...

CVSS 6.1, AI score 6.1, EPSS 0.01159
Exploits: 1, References: 2

Kaspersky
added 2019/09/07 12:0 a.m., 54 views

KLA11579 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code or perform cross-site scripting attacks. Below is a complete list of vulnerabilities: 1. Vulnerability in WebKit can be exploited remotely via specially crafted text file...

CVSS 8.8, AI score 7.9, EPSS 0.02224
Exploits: 0, References: 4

Kaspersky
added 2019/09/07 12:0 a.m., 59 views

KLA11580 Multiple vulnerabilities in Apple iTunes

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code or perform cross-site scripting attacks. Below is a complete list of vulnerabilities: 1. Vulnerability in WebKit can be exploited remotely via specially crafted text file...

CVSS 8.8, AI score 8, EPSS 0.02224
Exploits: 0, References: 3

Kaspersky
added 2019/09/06 12:0 a.m., 37 views

KLA11561 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, or perform cross-site scripting attacks. Below is a complete list of vulnerabilities: 1. Unspecified...

CVSS 9.3, AI score 9.7, EPSS 0.0216
Exploits: 1, References: 3

vulnersOsv
added 2019/08/27 5:43 p.m., 4 views

@idearium/cli (>=1.0.0 <=4.3.0-beta.0), @stoplight/command (>=0.0.11-1 <=0.0.24) +27 more potentially affected by CVE-2019-10747 via set-value (=3.0.0)

set-value NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @idearium/cli =1.0.0, =0.0.11-1, =0.0.11-29, =0.0.11-1, =0.0.11-1, =0.0.11-1, =0.0.18, =0.0.11-1, =0.0.11-1, =0.0.11-30, =0.0.11-1, =0.0.18,...

CVSS 9.8, AI score 7.1, EPSS 0.02475
Exploits: 1

Hacker One
added 2019/08/22 8:11 p.m., 33 views

Slack: CSS Injection to disable app & potential message exfil

Tested on Slack for MacOS v4.0.2 - I've marked this as code injection since there was no "css injection"
1. In the app go to Preferences - Sidebar
2. Enable custom theming
3. Set the column BG to FFFFFF; html display:none;
4. The app will no longer render; this survives re-installs

If this theme...

AI score 1
Exploits: 0

OSV
added 2019/08/16 4:15 p.m., 1 view

DEBIAN-CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

CVSS 9.8, AI score 8.2, EPSS 0.05899
Exploits: 0, References: 1

OSV
added 2019/08/16 4:15 p.m., 25 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

CVSS 9.8, AI score 9.6
Exploits: 0, References: 8

Prion
added 2019/08/16 4:15 p.m., 26 views

Command injection

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

CVSS 7.5, AI score 9.5, EPSS 0.05899
Exploits: 0, References: 8, Affected Software: 3

Cvelist
added 2019/08/16 12:0 a.m., 36 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

AI score 9.6, EPSS 0.05899
Exploits: 0, References: 8

Debian CVE
added 2019/08/16 12:0 a.m., 29 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...

CVSS 9.8, AI score 9, EPSS 0.05899
Exploits: 0

CVE
added 2019/08/15 3:50 p.m., 62 views

CVE-2019-14784

The CVE-2019-14784 entry applies to the WordPress plugin CP Contact Form with PayPal (pre-1.2.98). It contains an XSS in CSS edition vulnerability in the plugin’s admin/css handling, with PoC evidence showing input can be reflected in the admin interface. Affected versions are prior to 1.2.98; a ...

CVSS 6.1, AI score 6, EPSS 0.0094
Exploits: 1, References: 1, Affected Software: 1

Veracode
added 2019/08/14 2:8 a.m., 51 views

Command Injection

nokogiri is vulnerable to command injection. The vulnerability exists as commands can be executed in a subprocess by Ruby's Kernel.open through Nokogiri::CSS::Tokenizer#load_file...

CVSS 9.8, AI score 3.5, EPSS 0.05899
Exploits: 0, References: 9, Affected Software: 3

Tenable Nessus
added 2019/08/14 12:0 a.m., 36 views

FreeBSD : Nokogiri -- injection vulnerability (0569146e-bdef-11e9-bd31-8de4a4470bbb)

Nokogiri GitHub release: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input...

CVSS 9.8, AI score 8.1, EPSS 0.05899
Exploits: 0, References: 4

Tenable Nessus
added 2019/08/12 12:0 a.m., 50 views

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0103)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR...

CVSS 9.8, AI score 8.1, EPSS 0.18756
Exploits: 34, References: 46

FreeBSD
added 2019/08/11 12:0 a.m., 30 views

Nokogiri -- injection vulnerability

Nokogiri GitHub release: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input...

CVSS 9.8, AI score 2.9, EPSS 0.05899
Exploits: 0, References: 2

RubySec
added 2019/08/11 12:0 a.m., 22 views

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input. This vulnerability appears...

CVSS 9.8, AI score 3.2, EPSS 0.05899
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2019/08/05 8:15 p.m., 15 views

Design/Logic Flaw

In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended...

CVSS 4.3, AI score 6.2, EPSS 0.01037
Exploits: 1, References: 5, Affected Software: 2