SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities
CVE: CVE-2011-2687 Multiple vulnerabilities and weaknesses were discovered in Drupal. Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a...
drupal6 -- multiple vulnerabilities
Drupal Team reports: A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen...
MS11-003 Microsoft Internet Explorer CSS Recursive Import Use After Free
This module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the...
CVE-2011-1440
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences...
Design/Logic Flaw
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences...
CVE-2011-1440
CVE-2011-1440 affects Google Chrome prior to 11.0.696.57. The vulnerability is a use-after-free in handling the ruby element and CSS token sequences in the rendering pipeline (WebKit-based). Exploitation is remote and could cause a denial of service or possibly other unspecified impact. The avail...
DEBIAN-CVE-2011-1579
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a an...
CVE-2011-1579
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a an...
Cross site scripting
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a an...
CVE-2011-1579
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a an...
CVE-2011-1579
MediaWiki prior to 1.16.3 is vulnerable via the checkCss function in includes/Sanitizer.php, which fails to validate CSS token sequences and can be exploited to perform cross-site scripting or expose sensitive information using hex sequences like \2f\2a and \2a\2f to surround CSS comments. The De...
Fedora 14 : python-feedparser-5.0.1-1.fc14 (2011-4894)
Current release: 5.0.1 - February 20, 2011 - Fix issue 91 invalid text in XML declaration causes sanitizer to crash - Fix issue 254 sanitization can be bypassed by malformed XML comments - Fix issue 255 sanitizer doesn't strip unsafe URI schemes Previous release: 5.0 - January 25, 2011 - Improved...
Fedora 13 : python-feedparser-5.0.1-1.fc13 (2011-4911)
Current release: 5.0.1 - February 20, 2011 - Fix issue 91 invalid text in XML declaration causes sanitizer to crash - Fix issue 254 sanitization can be bypassed by malformed XML comments - Fix issue 255 sanitizer doesn't strip unsafe URI schemes Previous release: 5.0 - January 25, 2011 - Improved...
Google Chrome 'Webkit' CSS Implementation DoS Vulnerability - Linux
Google Chrome is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Chrome 'WebKit' CSS Implementation DoS Vulnerability - Windows
Google Chrome is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Chrome 'WebKit' CSS Implementation DoS Vulnerability (Windows)
The host has Google Chrome installed and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromecssimpdosvulnwin.nasl 7015 2017-08-28 11:51:24Z teissa $ Google Chrome 'WebKit' CSS Implementation DoS Vulnerability Windows Authors: Madhuri D Copyright: Copyright c...
Google Chrome 'Webkit' CSS Implementation DoS Vulnerability (Linux)
The host has Google Chrome installed and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromecssimpdosvulnlin.nasl 7024 2017-08-30 11:51:43Z teissa $ Google Chrome 'Webkit' CSS Implementation DoS Vulnerability Linux Authors: Madhuri D Copyright: Copyright ...
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability
ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-104 April 14, 2011 -- CVE ID: CVE-2011-1290 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit --...
Google Chrome 10.0.648.205 Stack Overflow
!/usr/bin/ruby +Exploit Title: Google Chrome 10.0.648.205 Stack Overflow Vulnerability +Date: 17\04\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.google.com/chrome +Version: 10.0.648.205 +Teste On: WIN-XP SP3 Brazilian Portuguese +CVE: N/A About: This is a bug of the Stack Overflow that...
Cherry enterprise website management system v1.0 Upload vulnerability-vulnerability warning-the black bar safety net
Cherry enterprise website management system: full DIV+CSS template, compatible with multiple browsers (IE6-IE8, Firefox, Google, and other standards-compliant browsers); the template styles are centralized in a CSS style, with content and style completely separated, convenient for website designers to develo...