
5743 matches found

Prion
added 2019/04/07 3:29 p.m. · 19 views

Design/Logic Flaw

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the...

4.3 CVSS · 4.3 AI score · 0.00771 EPSS
Exploits: 1 · References: 4 · Affected Software: 4

Cvelist
added 2019/04/07 2:35 p.m. · 15 views

CVE-2019-10735

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.4 AI score · 0.00604 EPSS
Exploits: 1 · References: 1

Debian CVE
added 2019/04/07 2:35 p.m. · 17 views

CVE-2019-10735

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.3 CVSS · 4.4 AI score · 0.00604 EPSS
Exploits: 1

CVE
added 2019/04/07 2:35 p.m. · 46 views

CVE-2019-10735

CVE-2019-10735 affects Claws Mail 3.14.1. An attacker who has access to S/MIME or PGP encrypted emails can wrap the encrypted parts as sub-parts inside a crafted multipart message. The attacker can hide these parts using HTML/CSS or ASCII newline characters, re-sending the modified email to the t...

4.3 CVSS · 4.4 AI score · 0.00604 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2019/04/07 2:34 p.m. · 43 views

CVE-2019-10734

CVE-2019-10734 affects KDE Trojita 0.7. An attacker with access to S/MIME or PGP encrypted emails can wrap them inside crafted multipart emails; the encrypted parts can be hidden with HTML/CSS or ASCII newlines. If the recipient replies to the benign-looking email, they may leak the plaintext of ...

4.3 CVSS · 4.5 AI score · 0.00693 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2019/04/07 2:32 p.m. · 154 views

CVE-2019-10732

CVE-2019-10732 affects KDE PIM’s messagelib/KMail: an attacker who has S/MIME or PGP encrypted emails can wrap the ciphertext in a crafted multipart message; by hiding parts with HTML/CSS or newline tricks, the attacker can cause the recipient to leak plaintext back when replying. Connected advis...

4.3 CVSS · 4.2 AI score · 0.00586 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

0day.today
added 2019/03/25 12:0 a.m. · 137 views

TCPDF 6.2.19 Deserialization / Remote Code Execution Exploit

TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution. CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it ...

7.5 CVSS · 0.7 AI score · 0.26172 EPSS
Exploits: 7

Kaspersky
added 2019/03/25 12:0 a.m. · 64 views

KLA11456 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, obtain sensitive information, bypass security restrictions and gain privileges. Below is a complete list of vulnerabilities: 1. A...

9.3 CVSS · 9.6 AI score · 0.18172 EPSS
Exploits: 3 · References: 4

Packet Storm
added 2019/03/22 12:0 a.m. · 1385 views

TCPDF 6.2.19 Deserialization / Remote Code Execution

CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it is a nice feature to have for the developer, it may cause problems in case the PDF creation script is vulnerable to...

7.5 CVSS · 0.1 AI score · 0.26172 EPSS
Exploits: 7

Hacker One
added 2019/03/13 5:38 a.m. · 20 views

50m-ctf: LFI on Accounting server and RCE on FliteThermostat admin server

Summary: An attacker is able to download local files on the Accounting server due to leveraging improper input sanitization in the Invoice PDF generator. In the same fashion an attacker is also able to issue server-side requests on the Accounting server through user-controlled CSS, possibly leading ...

8.8 AI score
Exploits: 0

Check Point Advisories
added 2019/03/10 12:0 a.m. · 1 views

Google Chrome Unicode Range CSS Out Of Bound

An out of bounds read vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...

3.1 AI score
Exploits: 0

0day.today
added 2019/03/04 12:0 a.m. · 246 views

Booked Scheduler 2.7.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Booked Scheduler v2.7.5 - Remote Command Execution', 'Description' = %q This module exploits...

0.1 AI score
Exploits: 0

Positive Technologies
added 2019/02/26 12:0 a.m. · 12 views

PT-2019-6365 · Mozilla +2 · Firefox +2

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 70 Description: The issue is related to a compromised child process that could inject XBL Bindings into privileged CSS rules, leading to arbitrary code execution and a sandbox escape. It is also described as a...

10 CVSS · 7.6 AI score · 0.5063 EPSS
Exploits: 39 · References: 356

Packet Storm
added 2019/02/25 12:0 a.m. · 56 views

Joomla ChronoForms 6.0.17 SQL Injection

Exploit Title : Joomla ChronoForms Components 6.0.17 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : chronoengine.com Software Download Link : chronoengine.com/chronoforms Software Information Link :...

0.2 AI score
Exploits: 0

Hacker One
added 2019/02/24 11:42 a.m. · 42 views

Grammarly: DOM based CSS Injection on grammarly.com

Summary: An attacker can inject an external css file which can lead to phishing attacks and xss in older browsers. Description: Within the main.js file the following code exists: javascript t.prototype.componentWillMount = function var e = this.getCtx.nav.waypoint.query, t = e.extcss, n =...

0.6 AI score
Exploits: 0

Hacker One
added 2019/02/18 9:3 p.m. · 23 views

WordPress: Stored XSS in Post Preview as Contributor

Root cause I noticed that the getthecontent makes a pregreplacecallback after all other validation and sanitization has been performed. function getthecontent $morelinktext = null, $stripteaser = false global $page, $more, $preview, $pages, $multipage; $post = getpost; ... if $preview // Preview...

0.1 AI score
Exploits: 0

Node.js
added 2019/02/15 9:40 p.m. · 19 views

Regular Expression Denial of Service

Overview: Versions of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation: Upgrad...

6.8 AI score
Exploits: 0 · Affected Software: 1

Kaspersky
added 2019/02/11 12:0 a.m. · 76 views

KLA11409 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. Multiple memory corruption vulnerabilities in SQLite can be exploited remotely to...

8.8 CVSS · 8.6 AI score · 0.09755 EPSS
Exploits: 5 · References: 4

OSV
added 2019/02/04 8:29 a.m. · 5 views

CVE-2019-7316

An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability...

9.8 CVSS · 7.3 AI score · 0.02733 EPSS
Exploits: 1 · References: 3

NVD
added 2019/02/04 8:29 a.m. · 11 views

CVE-2019-7316

An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability...

9.8 CVSS · 9.8 AI score · 0.02733 EPSS
Exploits: 1 · References: 3