
5743 matches found

phpMyAdmin
added 2017/01/24 12:0 a.m., 48 views

CSS injection in themes

PMASA-2017-4 Announcement-ID: PMASA-2017-4 Date: 2017-01-24 Summary CSS injection in themes Description It was possible to cause CSS injection in themes by crafted cookie parameters. Severity We consider this to be non critical. Affected Versions All 4.6.x versions prior to 4.6.6, 4.4.x versions...

CVSS 6.1, AI score 6.6, EPSS 0.00986
Exploits: 0, Affected Software: 1
Apple
added 2017/01/23 3:54 a.m., 46 views

About the security content of Safari 9.0.3 - Apple Support

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...

CVSS 9.3, AI score 0.2, EPSS 0.045
Exploits: 0, Affected Software: 4
OSV
added 2017/01/06 9:59 p.m., 2 views

CVE-2016-4296

When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application wil...

CVSS 7.8, AI score 6.1, EPSS 0.02214
Exploits: 2, References: 2
Kaspersky
added 2017/01/05 12:0 a.m., 36 views

KLA10926 Cross-site scripting vulnerability in Tenable Nessus

Cross-site scripting vulnerability was found in Tenable Nessus. By exploiting this vulnerability malicious users can inject HTML code or arbitrary web script. This vulnerability can be exploited remotely via unspecified vectors. Original advisories Nessus 6.9.3 Release Notes Related products Ness...

CVSS 5.4, AI score 5.6, EPSS 0.01242
Exploits: 0, References: 3
ThreatPost
added 2016/12/02 11:45 a.m., 37 views

Google Fixes 12 High-Severity Vulnerabilities In Chrome Browser

Google is urging Windows, Mac and Linux users to update their Chrome browsers to fix multiple vulnerabilities that could allow malicious third parties to take control of targeted systems. Released Thursday, Chrome version 55.0.2883.75 for Windows, Mac, and Linux fixes those security issues. It al...

CVSS 6.8, AI score 0.5, EPSS 0.11182
Exploits: 5, References: 4
0day.today
added 2016/12/02 12:0 a.m., 24 views

Tor Browser / Firefox Remote use-after-free FBI Exploit

Exploit for multiple platform in category remote exploits This is a JavaScript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in...

AI score 7.1
Exploits: 0
0day.today
added 2016/11/19 12:0 a.m., 28 views

MyLittleForum 2.3.6.1 XSS / Path Overwrite Vulnerability

MyLittleForum version 2.3.6.1 suffers from path overwrite and cross site scripting vulnerabilities. 1. Introduction Affected Product: MyLittleForum 2.3.6.1 Fixed in: 2.3.7beta Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/v2.3.7beta Vendor Website:...

AI score 6.8
Exploits: 0
Packet Storm
added 2016/11/18 12:0 a.m., 55 views

MyLittleForum 2.3.6.1 XSS / Path Overwrite

Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyLittleForum 2.3.6.1 Fixed in: 2.3.7beta Fixed Version Link: https://github.com/ilosuna/mylittleforum/releases/tag/v2.3.7beta Vendor Website: http://mylittleforum.net/ Vulnerability Type: XSS & RPO Remote Exploitable: Y...

AI score 0.3
Exploits: 0
0day.today
added 2016/11/11 12:0 a.m., 62 views

Microsoft Internet Explorer 9-11 MSHTML - PROPERTYDESC::HandleStyleComponentProperty Out-of-Bound

Exploit for windows platform in category dos / poc // This PoC attempts to exploit a memory disclosure bug in Microsoft Internet // Explorer 11. On x64 systems, this should cause an access violation when // run with page-heap enabled, as the code attempts to read a byte // immediately following ...

CVSS 6.8, AI score 8.2, EPSS 0.28334
Exploits: 2
exploitpack
added 2016/11/10 12:0 a.m., 41 views

Microsoft Internet Explorer 11109 - MSHTML PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read (MS16-104)

Microsoft Internet Explorer 11109 - MSHTML PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read MS16-104 // This PoC attempts to exploit a memory disclosure bug in Microsoft Internet // Explorer 11. On x64 systems, this should cause an access violation when // run with page-heap...

AI score 0.5
Exploits: 0
Exploit DB
added 2016/11/10 12:0 a.m., 43 views

Microsoft Internet Explorer 11/10/9 - MSHTML 'PROPERTYDESC::HandleStyleComponentProperty' Out-of-Bounds Read (MS16-104)

// This PoC attempts to exploit a memory disclosure bug in Microsoft Internet // Explorer 11. On x64 systems, this should cause an access violation when // run with page-heap enabled, as the code attempts to read a byte // immediately following a 4 byte memory block. // See...

AI score 7.4
Exploits: 0
Hacker One
added 2016/10/14 1:20 p.m., 23 views

OLX: Directory Listing of all the resource files of olx.com.eg

By looking in the CSS of "olx.com.eg" I found that the logo src is linking to an external website https://olxegstatic-a.akamaihd.net/bd498cb-868/packed/img/2fc685b4081782d863b0c0c452ee54197b.png this was so normal until I simply changed the URL to just https://olxegstatic-a.akamaihd.net/ I foun...

AI score 7
Exploits: 0
CVE
added 2016/09/22 10:0 p.m., 119 views

CVE-2016-5271

CVE-2016-5271 affects Mozilla Firefox before 49.0. The vulnerable component is PropertyProvider::GetSpacingInternal, triggered by text runs in pages using display: contents CSS. The root cause is an out-of-bounds read, which can lead to application crash (Denial of Service) when processing such c...

CVSS 6.5, AI score 7.3, EPSS 0.01416
Exploits: 0, References: 5, Affected Software: 1
Debian CVE
added 2016/09/22 10:0 p.m., 32 views

CVE-2016-5271

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property...

CVSS 6.5, AI score 8.7, EPSS 0.01416
Exploits: 0
Citrix
added 2016/09/22 12:0 a.m., 8 views

How to apply advance customizations to Storefront web page

This article describes how to apply advance Customizations to StoreFront web page. Note: Citrix Support will only help with customization that can be done using StoreFront Management Console. For supported customizations refer to Product Documentation Prerequisites HTML and CSS programming...

AI score 6.9
Exploits: 0
OSV
added 2016/09/22 12:0 a.m., 3 views

UBUNTU-CVE-2016-5271

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property...

CVSS 6.5, AI score 6.8, EPSS 0.01416
Exploits: 0, References: 4
RedhatCVE
added 2016/09/20 6:49 p.m., 27 views

CVE-2016-5271

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property...

CVSS 6.5, AI score 4.6, EPSS 0.01416
Exploits: 0, References: 2
Mageia
added 2016/09/16 9:27 a.m., 30 views

Updated mediawiki packages fix security vulnerability

Check read permission when loading page content in ApiParse CVE-2016-6331 Make blocks log users out if $wgBlockDisablesLogin is true CVE-2016-6332 Make $wgBlockDisablesLogin also restrict logged in permissions CVE-2016-6332 Require login to preview user CSS pages CVE-2016-6333 Escape '' in inline...

CVSS 7.5, AI score 2.4, EPSS 0.02133
Exploits: 0, References: 2
OSV
added 2016/09/16 9:27 a.m., 12 views

MGASA-2016-0305 Updated mediawiki packages fix security vulnerability

Check read permission when loading page content in ApiParse CVE-2016-6331 Make blocks log users out if $wgBlockDisablesLogin is true CVE-2016-6332 Make $wgBlockDisablesLogin also restrict logged in permissions CVE-2016-6332 Require login to preview user CSS pages CVE-2016-6333 Escape '' in inline...

CVSS 7.5, AI score 6.3, EPSS 0.02133
Exploits: 0, References: 3
Zero Day Initiative
added 2016/09/16 12:0 a.m., 37 views

Microsoft Edge CSS white-space Property Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6, AI score 1, EPSS 0.71478
Exploits: 2, References: 1