CVE-2018-6164
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2018-6137
CVE-2018-6137 is a Blink information-leak vulnerability in Google Chrome, present in Blink-based builds prior to 67.0.3396.62. A crafted HTML page could allow a remote attacker to disclose cross-origin data. Connected CNVD-2018-11487 describes the Chrome/Blink impact and mode of disclosure. Publi...
CVE-2018-6164
CVE-2018-6164 relates to Google Chrome/Chromium’s Blink component. The initial CVE description notes “insufficient origin checks for CSS content in Blink” which allowed a remote attacker to leak cross-origin data via a crafted HTML page. Connected documents corroborate a broader class of cross-or...
Phishing Tactic Hides Tracks with Custom Fonts
An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...
desertmuseum.org XSS vulnerability
Open Bug Bounty ID: OBB-710941

Description | Value
---|---
Affected Website: | desertmuseum.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden...

Denial Of Service (DoS)
libcroco-0.6.so is vulnerable to denial of service. An infinite loop in the cr_parser_parse_selector_core function in cr-parser.c allows a remote attacker to cause a denial of service condition via a crafted CSS file...
Denial Of Service (DoS)
libcroco-0.6.so is vulnerable to denial of service. A memory allocation error in the cr_tknzr_parse_comment function in cr-tknzr.c allows a remote attacker to cause a denial of service condition via a crafted CSS file...
ccccenglish.org XSS vulnerability
Open Bug Bounty ID: OBB-701514

Description | Value
---|---
Affected Website: | ccccenglish.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden...

UBUNTU-CVE-2018-19218
In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack...
WebMap - Nmap Web Dashboard And Reporting
A Web Dashboard for Nmap XML Report. Usage: You should use this with docker, just by sending this command:

```
$ mkdir /tmp/webmap
$ docker run -d \
    --name webmap \
    -h webmap \
    -p 8000:8000 \
    -v /tmp/webmap:/opt/xml \
    rev3rse/webmap
$ # now you can run Nmap and save the XML Report on /tmp/webmap
$ nmap -s...
```

[SECURITY] Fedora 28 Update: roundcubemail-1.3.8-1.fc28
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Apple Safari RenderCounter Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSS...
CVE-2018-12373
CVE-2018-12373 concerns Mozilla Thunderbird prior to 52.9.1, where decrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in an HTML reply/forward. The issue is categorized as an information disclosure vulnerability affecting Thunderbird versions older th...
Chaturbate: Stored XSS on chaturbate.com (wish list)
Hi, I found a stored XSS on chaturbate.com Description The input wishlist in the bio of a user allows him/her to enter CSS properties, however some browsers like Opera or Internet Explorer are vulnerable to XSS through the attribute style. request http POST /accounts/editbio/ HTTP/1.1 Host:...
Microsoft Internet Explorer CSS Style Double Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CSS Attack Causes iOS, macOS Devices to Crash
A newly-revealed proof-of-concept attack can cause iOS devices to crash or restart with a mere 15 lines of code, a researcher disclosed over the weekend. On Saturday, researcher Sabri Haddouche, a security researcher at Wire, tweeted the source code of the proof-of-concept (PoC) attack that he said...
Watch Out! This New Web Exploit Can Crash and Restart Your iPhone
It's 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze. Sabri Haddouche, a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept (PoC) web page containing an exploit that uses only a few lines of...
iOS Safari Denial of Service with CSS
This module exploits a vulnerability in WebKit on Apple iOS. If successful, the device will restart after viewing the webpage. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "iOS Safari Denial ...
Input validation
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in...