slickMsg 0.7-alpha BBCode CSS Cross Site Scripting

www.eVuln.com advisory: BBCode CSS XSS in slickMsg Summary: http://evuln.com/vulns/162/summary.html Details: http://evuln.com/vulns/162/description.html -----------Summary----------- eVuln ID: EV0162 Software: slickMsg Vendor: n/a Version: 0.7-alpha Critical Level: low Type: Cross Site Scripting...

MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption

This module exploits a memory corruption vulnerability within Microsoft's HTML engine mshtml. When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer t...

Internet Explorer CSS SetUserClip Memory Corruption

$Id: ms10090iecssclip.rb 11331 2010-12-14 18:41:20Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Google Chrome < 8.0.552.237 Multiple Vulnerabilities

Binary data 5742.pasl...

Microsoft Internet Explorer CSS use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the handling of CSS, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a vulnerability caused by a use-after-free error within the mshtml.dl...

CVE-2010-3768

CVE-2010-3768 affects Mozilla Firefox (before 3.5.16 and 3.6.x before 3.6.13), Thunderbird (before 3.0.11 and 3.1.x before 3.1.7), and SeaMonkey (before 2.0.11). The issue stems from improper validation of downloadable fonts in the OS font implementation, enabling remote code execution via vector...

New Remotely Exploitable Bug Found in Internet Explorer

Another serious remotely exploitable bug in Internet Explorer has cropped up, this one related to the way that IE handles a specific DLL library on pages that reference CSS files. There also is publicly available exploit code for the new bug. The vulnerability was disclosed initially on the Full...

Internet Explorer 8 CSS Parser Denial of Service

No description provided by source. code div style="position: absolute; top: -999px;left: -999px;" link href="css.css" rel="stylesheet" type="text/css" / /code code of css.css color:red; @import url"css.css"; @import url"css.css"; @import url"css.css"; @import url"css.css"; /code...

CVE-2010-3768

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via...

Internet Explorer 8 CSS Parser Denial of Service

Exploit for windows platform in category dos / poc ================================================ Internet Explorer 8 CSS Parser Denial of Service ================================================ color:red; @import url"css.css"; @import url"css.css"; @import url"css.css"; @import url"css.css";...

Microsoft Internet Explorer 8 - CSS Parser Denial of Service

color:red; @import url"css.css"; @import url"css.css"; @import url"css.css"; @import url"css.css"; Exploit-DB Notes: Original credit goes to an unidentified researcher using WooYun anonymous account "路人甲". WooYun is a connection platform for vendors and security researchers:...

Microsoft Internet Explorer 8 - CSS Parser Denial of Service

Microsoft Internet Explorer 8 - CSS Parser Denial of Service color:red; @import url"css.css"; @import url"css.css"; @import url"css.css"; @import url"css.css"; Exploit-DB Notes: Original credit goes to an unidentified researcher using WooYun anonymous account "路人甲". WooYun is a connection platfor...

Social Engineering Ninja v0.4 - Latest Release Download

"S-E Ninja is a Social Engineering tool, with 20-25 popular sites fake pages and anonymous mailer via mail function in PHP. It is a Phishing Web Application Written in PHP,XHTML,CSS,JS." This is the official change log: Edited tables names Added XSS stealer module Now you got control of ipcapture...

Microsoft IE CSS tag parsing remote code execution 0day Proc-vulnerability warning-the black bar safety net

Author: ThelostMind Microsoft IE CSS tag parsing remote code execution 0day vulnerabilities, but also a rare remote code execution vulnerability. IE in the processing of a web page in a particular style the label when the vulnerability exists, a remote attacker could exploit this vulnerability by...

CVE-2010-3822

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets CSS counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVE-2010-3817

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets CSS 3D transforms, which allows remote attackers to execute arbitrary code or...

CVE-2010-3821

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets CSS token sequence, which allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2010-3819

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets CSS boxes, which allows remote attackers to execute arbitrary code or cause a...

CVE-2010-3822

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets CSS counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service...

UBUNTU-CVE-2010-3819

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets CSS boxes, which allows remote attackers to execute arbitrary code or cause a...