22 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-11646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in...
SUSE: Security Advisory (SUSE-SU-2018:2075-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 28 : webkit2gtk3 (2018-118b9abf99)
This update addresses the following vulnerabilities : - CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246, CVE-2018-11646. Additional fixes : - Fix installation directory of API documentation. - Disable Gigacage if mmap fails to allocate in...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2018:2075-1)
This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed : - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch bsc1097693. - CVE-2018-4199: An...
Security update for webkit2gtk3 (moderate)
This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch bsc1097693. - CVE-2018-4199: An...
openSUSE Security Update : webkit2gtk3 (openSUSE-2018-845)
This update for webkit2gtk3 to version 2.20.3 fixes the following issues : These security issues were fixed : - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch bsc1097693. - CVE-2018-4199: An...
Fedora 27 : webkitgtk4 (2018-aac3ca8936)
This update addresses the following vulnerabilities : - CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246, CVE-2018-11646. Additional fixes : - Fix installation directory of API documentation. - Disable Gigacage if mmap fails to allocate in...
CVE-2018-11646
creationtimestamp| type| source ---|---|--- 2018-06-21 21:37:11+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/webkitplus.rb 2025-01-23 20:37:20+00:00| published-proof-of-concept| Telegram/gZVW49kuYoasZTY1tITTGZ5xDPxjlw-c5GyQ-w1Z3p3ssZo 2025-02-...
WebKitGTK+ < 2.21.3 - #WebKitFaviconDatabase DoS Exploit
Exploit for linux platform in category dos / poc Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. ,...
WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit)
WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service Metasploit Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in...
WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit)
Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. , 'License' = MSFLICENSE, 'Author' = 'Dhiraj Mishra'...
WebKitGTK+ WebKitFaviconDatabase Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If...
WebKitGTK+ WebKitFaviconDatabase DoS
This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. Title: WebKitGTK+ win = window.open"sleeponesecond.php...
WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service
Summary: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash, CVE-2018-11646 was assigned to this issue. Po...
WebKitGTK+ 2.21.3 - Crash (PoC)
WebKitGTK+ 2.21.3 - Crash PoC Title: WebKitGTK+ win = window.open"sleeponesecond.php", "WIN"; window.open"https://www.paypal.com", "WIN"; win.document.execCommand'Stop'; win.document.write"Spoofed URL"; win.document.close; Backtrace using fedora 27: 0 WTF::StringImpl::rawHash at...
WebKitGTK+ < 2.21.3 - Crash (PoC)
Title: WebKitGTK+ win = window.open"sleeponesecond.php", "WIN"; window.open"https://www.paypal.com", "WIN"; win.document.execCommand'Stop'; win.document.write"Spoofed URL"; win.document.close; Backtrace using fedora 27: 0 WTF::StringImpl::rawHash at...
CVE-2018-11646
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash...
CVE-2018-11646
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash...
CVE-2018-11646
CVE-2018-11646 affects WebKitGTK+ (WebKit) up to at least 2.21.3, via WebKitFaviconDatabase.cpp when pageURL is unset, causing an application crash (DoS). Public exploitation code exists (Metasploit/Exploit-DB). Remediation in the provided advisories recommends upgrading to a newer WebKitGTK+ ver...