5742 matches found

CVE
added 2014/12/15 5:27 p.m. | 66 views

CVE-2014-8967

CVE-2014-8967 is a Use-after-free in Microsoft Internet Explorer triggered by a crafted HTML/CSS token sequence (display: run-in), causing an improper CElement reference counting. The connected Nessus entry (MS15-009) confirms IE's remediation: apply security update 3034682 (and 3021952/3034196 a...

CVSS 6.8 | AI score 7.2 | EPSS 0.12403
Exploits 1 | References 2 | Affected Software 1
NVD
added 2014/12/11 3:59 p.m. | 22 views

CVE-2014-7852

Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file...

CVSS 4.3 | AI score 5.7 | EPSS 0.00974
Exploits 0 | References 2
Prion
added 2014/12/11 3:59 p.m. | 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file...

CVSS 4.3 | AI score 6.1 | EPSS 0.00974
Exploits 0 | References 2 | Affected Software 1
CVE
added 2014/12/11 3:0 p.m. | 49 views

CVE-2014-7852

The CVE-2014-7852 issue is a cross-site scripting (XSS) vulnerability in JBoss RichFaces used by Red Hat JBoss Portal 6.1.1, where RichFaces accepted arbitrary strings in a URL and returned them unencoded in a CSS file. The Red Hat advisory RHSA-2014:1973 documents that this could enable an attac...

CVSS 4.3 | AI score 5.8 | EPSS 0.00974
Exploits 0 | References 2 | Affected Software 1
NVD
added 2014/12/10 9:59 p.m. | 19 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

CVSS 5 | AI score 6.1 | EPSS 0.022
Exploits 0 | References 6
Prion
added 2014/12/10 9:59 p.m. | 21 views

Design/Logic Flaw

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

CVSS 5 | AI score 6.7 | EPSS 0.022
Exploits 0 | References 6 | Affected Software 3
UbuntuCve
added 2014/12/10 9:59 p.m. | 29 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

CVSS 5 | AI score 5.9 | EPSS 0.022
Exploits 0 | References 3
OSV
added 2014/12/10 9:59 p.m. | 1 views

UBUNTU-CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

CVSS 5 | AI score 5.8 | EPSS 0.022
Exploits 0 | References 4
Cvelist
added 2014/12/10 9:0 p.m. | 28 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

AI score 6.1 | EPSS 0.022
Exploits 0 | References 6
CVE
added 2014/12/10 9:0 p.m. | 70 views

CVE-2014-4465

CVE-2014-4465 affects WebKit in Apple Safari: CSS tokens within an SVG in the SRC attribute of an IMG element can bypass Same Origin Policy. Affected products/versions include Safari/macOS WebKit builds prior to 6.2.1, 7.x prior to 7.1.1, and 8.x prior to 8.0.1. The issue enables cross-origin CSS...

CVSS 5 | AI score 6.1 | EPSS 0.022
Exploits 0 | References 6 | Affected Software 1
Zero Day Initiative
added 2014/12/04 12:0 a.m. | 32 views

(0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVSS 6.8 | AI score 6.5 | EPSS 0.12403
Exploits 1
Mozilla
added 2014/12/02 12:0 a.m. | 45 views

XBL bindings accessible via improper CSS declarations — Mozilla

Security researcher Cody Crews reported a method to trigger chrome level XML Binding Language (XBL) bindings through web content. This was possible because some chrome accessible CSS stylesheets had their primary namespace improperly declared. When this occurred, it was possible to use these...

CVSS 6.8 | AI score 8.9 | EPSS 0.01802
Exploits 0 | References 2 | Affected Software 2
FreeBSD
added 2014/12/01 12:0 a.m. | 45 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports:
ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data
MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...

CVSS 7.5 | AI score 6.3 | EPSS 0.04052
Exploits 4 | References 9
UbuntuCve
added 2014/11/25 11:59 p.m. | 24 views

CVE-2014-9036

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post...

CVSS 4.3 | AI score 6 | EPSS 0.02336
Exploits 0 | References 3
Prion
added 2014/11/25 11:59 p.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post...

CVSS 4.3 | AI score 5.9 | EPSS 0.02336
Exploits 0 | References 7 | Affected Software 2
Cvelist
added 2014/11/25 11:0 p.m. | 26 views

CVE-2014-9036

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post...

AI score 5.3 | EPSS 0.02336
Exploits 0 | References 7
CVE
added 2014/11/25 11:0 p.m. | 82 views

CVE-2014-9036

CVE-2014-9036 is a cross-site scripting (XSS) vulnerability in WordPress versions prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1. A crafted Cascading Style Sheets (CSS) token sequence in a post can be used by remote attackers to inject arbitrary script/HTML. Th...

CVSS 4.3 | AI score 5.4 | EPSS 0.02336
Exploits 0 | References 7 | Affected Software 1
OwnCloud
added 2014/11/25 6:36 p.m. | 26 views

Local Path Disclosure when using Asset Pipeline - ownCloud

ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php. When the setting is enabled, ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...

CVSS 5 | AI score 5.9 | EPSS 0.01186
Exploits 0 | Affected Software 1
Zero Day Initiative
added 2014/11/19 12:0 a.m. | 33 views

Microsoft Internet Explorer CSS Quotes Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVSS 6.8 | AI score 6.5 | EPSS 0.22485
Exploits 0 | References 1
Zero Day Initiative
added 2014/11/19 12:0 a.m. | 36 views

Microsoft Internet Explorer CStyleSheet::get_parentStyleSheet Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to the way...

CVSS 6.8 | AI score 6.5 | EPSS 0.15525
Exploits 0 | References 1