5743 matches found

Zero Day Initiative
added 2018/04/19 12:0 a.m., 28 views

Microsoft Edge CSS Custom Property Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6, AI score 0.4, EPSS 0.0478
Exploits 0, References 1
Zero Day Initiative
added 2018/03/23 12:0 a.m., 25 views

Microsoft Edge CSS var Function Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3, AI score 0.5, EPSS 0.0478
Exploits 0, References 1
0day.today
added 2018/03/23 12:0 a.m., 83 views

XenForo 2 - CSS Loader Denial of Service Exploit

Exploit for php platform in category web applications Exploit Title: XenForo CSS Loader DoS Google Dork: intext:"Forum software by XenForo™" inurl:css.php ext:php Exploit Author: LockedByte Vendor Homepage: https://xenforo.com/ Software Link: https://xenforo.com/help/installation/ Version: XenFor...

AI score 7.4
Exploits 0
exploitpack
added 2018/03/23 12:0 a.m., 16 views

XenForo 2 - CSS Loader Denial of Service

XenForo 2 - CSS Loader Denial of Service Exploit Title: XenForo CSS Loader DoS Google Dork: intext:"Forum software by XenForo™" inurl:css.php ext:php Date: 22-03-18 Exploit Author: LockedByte Vendor Homepage: https://xenforo.com/ Software Link: https://xenforo.com/help/installation/ Version:...

AI score 7.3
Exploits 0
Packet Storm
added 2018/03/23 12:0 a.m., 48 views

XenForo 2 CSS Loader Denial Of Service

Exploit Title: XenForo CSS Loader DoS Google Dork: intext:"Forum software by XenForo™" inurl:css.php ext:php Date: 22-03-18 Exploit Author: LockedByte Vendor Homepage: https://xenforo.com/ Software Link: https://xenforo.com/help/installation/ Version: XenForo 2 Tested on: Linux...

AI score 7.1
Exploits 0
Exploit DB
added 2018/03/23 12:0 a.m., 245 views

XenForo 2 - CSS Loader Denial of Service

Exploit Title: XenForo CSS Loader DoS Google Dork: intext:"Forum software by XenForo™" inurl:css.php ext:php Date: 22-03-18 Exploit Author: LockedByte Vendor Homepage: https://xenforo.com/ Software Link: https://xenforo.com/help/installation/ Version: XenForo 2 Tested on: Linux...

AI score 7.4
Exploits 0
Jake Archibald's Blog
added 2018/02/27 2:47 p.m., 16 views

Third party CSS is not safe

A few days ago there was a lot of chatter about a 'keylogger' built in CSS. Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third part...

AI score 7.3
Exploits 0
Jake Archibald's Blog
added 2018/02/27 2:47 p.m., 22 views

Third party CSS is not safe

A few days ago there was a lot of chatter about a 'keylogger' built in CSS. Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third part...

AI score 7.3
Exploits 0
Zero Day Initiative
added 2018/02/21 12:0 a.m., 24 views

Microsoft Edge CSS var Function Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3, AI score 0.5, EPSS 0.0478
Exploits 0, References 1
Kaspersky
added 2018/02/21 12:0 a.m., 32 views

KLA12054 Multiple vulnerabilities in Cisco Jabber

Multiple vulnerabilities were found in Cisco Jabber. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A cross-site scripting vulnerability in Cisco Jabber Client Framework (JCF) can be...

CVSS 6.1, AI score 6.4, EPSS 0.02116
Exploits 0, References 4
Hacker One
added 2018/02/14 3:23 a.m., 91 views

Coinbase: Stored CSS Injection

When creating a product, users can upload a logo. The logourl was not escaped properly, allowing an attacker to inject malicious characters into a style tag. This vulnerability did not allow for XSS due to our CSP, however, it did allow for CSS injection...

AI score 6.8
Exploits 0
Imperva Blog
added 2018/02/06 5:35 p.m., 241 views

CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS

Yesterday Monday, February 5, 2018, a zero-day vulnerability in WordPress core was disclosed, which allows an attacker to perform a denial of service (DoS) attack against a vulnerable application. The vulnerability exists in the modules used to load JS and CSS files. These modules were designed to...

CVSS 5, AI score 7.7, EPSS 0.73098
Exploits 11
Veracode
added 2018/01/31 8:42 a.m., 6 views

Cross-site Scripting (XSS)

PrimeFaces is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the p:colorPicker variable, allowing a malicious user to inject arbitrary CSS...

AI score 5.8
Exploits 0
Kitploit
added 2018/01/26 9:7 p.m., 61 views

Web Shell Detector - PHP Script That Helps You Find And Identify PHP / CGI (Perl) / ASP / ASPX Shells

Web Shell Detector is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and...

AI score 7.9
Exploits 0, References 1
Kaspersky
added 2018/01/25 12:0 a.m., 139 views

KLA11186 Multiple vulnerabilities in Mozilla Thunderbird

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface and execute arbitrary code. Below is a complete list of vulnerabilities: 1. Multiple use-after-free vulnerabilities can be...

CVSS 9.8, AI score 9.6, EPSS 0.07262
Exploits 0, References 3
ThreatPost
added 2018/01/24 7:16 p.m., 32 views

Skype, Slack and Other Popular Windows Apps Vulnerable to Critical Framework Bug

UPDATE Hundreds of software applications built using the developer framework called Electron may be vulnerable to a remote code execution flaw, according to developers of the framework. Impacted are dozens of popular Windows applications such as Microsoft’s Skype for Windows and Slack. Earlier th...

CVSS 9.3, AI score 9, EPSS 0.84707
Exploits 31, References 3
CNVD
added 2018/01/11 12:0 a.m., 4 views

WordPress Easy Custom Auto Excerpt Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. Easy Custom Auto Excerpt plugin is used in one of the document collection plugin. A cross-site scripting...

CVSS 5.4, AI score 6.2, EPSS 0.00595
Exploits 1, References 1
Openbugbounty
added 2018/01/07 4:31 p.m., 13 views

vcanbuy.com XSS vulnerability

Open Bug Bounty ID: OBB-500607 Description| Value ---|--- Affected Website:| vcanbuy.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based o...

AI score 6.4
Exploits 0
UbuntuCve
added 2017/12/29 12:0 a.m., 19 views

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

CVSS 4.3, AI score 6.8, EPSS 0.01648
Exploits 0, References 3
Fedora
added 2017/12/28 2:54 a.m., 13 views

[SECURITY] Fedora 27 Update: shellinabox-2.20-5.fc27

Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins...

AI score 1.2
Exploits 0