5739 matches found
CVE-2010-1401
CVE-2010-1401 is a use-after-free in WebKit’s CSS handling in Safari before version 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4. The flaw relates to the :first-letter pseudo-element and can allow remote attackers to execute arbitrary code or trigger a crash (DoS). The d...
CVE-2010-1749
CVE-2010-1749 is a use-after-free vulnerability in WebKit affecting Apple Safari prior to version 5.0 on Mac OS X 10.5–10.6 and Windows, and prior to 4.1 on Mac OS X 10.4. The issue arises from the CSS run-in property and multiple invocations of a destructor for a child element that has been refe...
CVE-2010-1417
CVE-2010-1417 affects the WebKit CSS implementation in Apple Safari (before 5.0 on Mac OS X 10.5–10.6 and Windows; before 4.1 on Mac OS X 10.4). It allows remote attackers to trigger arbitrary code execution or a denial of service via HTML content that uses multiple :after pseudo-selectors. The p...
CVE-2010-1392
CVE-2010-1392 is associated with WebKit/libwebkit in Open/Safari environments. Connected documents show that libwebkit updates (e.g., openSUSE openSUSE-SU-2010:0458-1 and openSUSE-SU-2011:0024-1) address multiple WebKit-related flaws including CVE-2010-1392, indicating a fix in patched library ...
CVE-2010-1393
CVE-2010-1393 affects WebKit’s CSS handling in Safari before 5.0 on Windows/Mac and before 4.1 on Mac OS X/opens with a redirecting URL, allowing remote attackers to discover sensitive URLs via an HREF attribute. The vulnerability exposes partial confidentiality as described by the NVD, with rela...
Online Notebook Manager SQL Injection Vulnerability
Exploit for php platform in category web applications =================================================== Online Notebook Manager SQL Injection Vulnerability =================================================== Author: L0rd CrusAd3r aka VSN email protected Exploit Title: Online Notebook Manager SQ...
DEBIAN-CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer...
CVE-2010-1647
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer...
Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must visit a website or open a malicious document. The specific flaw exists within the way Webkit implements the 'first-letter' css style...
FreeBSD : mediawiki -- two security vulnerabilities (fc55e396-6deb-11df-8b8e-000c29ba66d2)
Two security vulnerabilities were discovered: Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer. A CSRF vulnerability was discovered...
Arbitrary UNC file read in IE 8
Internet Explorer is vulnerable to a drive-by arbitrary UNC file read, with the usual consequences (local account password disclosure, etc.) as in IE6 before SP1. It is in ICMFilter, which is accessible via the CSS filter property. Sample exploit code: div...
mediawiki -- two security vulnerabilities
Two security vulnerabilities were discovered: Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer. A CSRF vulnerability was discovered ...
New Tabbed Browsing Phishing Attack Exploits User Trust
A researcher has developed a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab. The attack, demonstrated by Aza Raskin of Mozilla, could be use...
Internet Explorer CSS Import Cross-Domain Restriction Bypass (MS06-021; CVE-2005-4089)
The Microsoft Internet Explorer (IE) is a web browser capable of displaying HTML encoded pages, downloading files, etc. This application has a built-in JavaScript interpreter. It is also capable of using Cascading Style Sheets (CSS). A Cross-Domain vulnerability exists in Microsoft Internet Explorer...
Apple Safari 4.0.3 (Win32) CSS Remote Denial Of Service Exploit
No description provided by source. =============================================================== Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit =============================================================== In The Name Of Allah Apple Safari 4.0.3 Win32 CSS Remote Denial Of Servi...
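MediaWiki >= 1.5 CSS Validation Information Disclosure Vulnerability
BUGTRAQ ID: 38621 CVE ID: CVE-2010-1189 MediaWiki is a well-known wiki program that runs in a PHP+MySQL environment. MediaWiki's CSS validation feature does not prevent wiki editors from linking to images on other websites in wiki pages, which allows editors to obtain sensitive information about wiki users, such as IP addresses, by adding links to images hosted on malicious websites. MediaWiki = 1.5 Vendor patch: Debian ------ Debian has released a security advisory (DSA-2022-1) and corresponding patches for this: DSA-2022-1:New mediawiki packages fix several...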
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2)
=============================================================== Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit =============================================================== In The Name Of Allah Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit Tested on Safari 4.0.3.0...
Apple Safari 4.0.3 CSS Denial Of Service
=============================================================== Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit =============================================================== In The Name Of Allah Apple Safari 4.0.3 Win32 CSS Remote Denial Of Service Exploit Tested on Safari 4.0.3.0...