8293 matches found
Microsoft Edge 38.14393.1066.0 - COptionsCollectionCacheItem::GetAt Out-of-Bounds Read
Microsoft Edge 38.14393.1066.0 - COptionsCollectionCacheItem::GetAt Out-of-Bounds Read function go select1.multiple = false; var optgroup = document.createElement"optgroup"; select1.addoptgroup; var options = select1.options; select2 = document.createElement"select";...
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the serv...
Microsoft Edge COptionsCollectionCacheItem::GetAt Out-Of-Bounds Read
Microsoft Edge: out-of-bounds read in COptionsCollectionCacheItem::GetAt CVE-2017-8734 There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 Microsoft EdgeHTML...
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is...
Microsoft Edge COptionsCollectionCacheItem::GetAt Out-Of-Bounds Read Exploit
There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 Microsoft EdgeHTML 14.14393 as well as Microsoft Edge 40.15063.0.0 Microsoft EdgeHTML 15.15063. Microsoft Edge...
Regular Expression Denial Of Service (ReDoS)
debug is vulnerable to Regular Expression Denial Of Service ReDoS. The regular expression is used to map %o to util.inspect can take awhile for long strings, hanging an application...
Crowbar - Brute Forcing Tool (SSH, OpenVPN, RDP, VNC)
Crowbar formally known as Levye is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2416-1)
This update for qemu fixes the following issues: Security issues fixed : - CVE-2017-10664: Fix DOS vulnerability in qemu-nbd bsc1046636 - CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb redirection support bsc1047674 - CVE-2017-11334: Fix OOB access during DMA operation...
PYSEC-2017-44
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
DEBIAN-CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
PYSEC-2017-44
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
ALPINE-CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
FreeBSD : Django -- possible XSS in traceback section of technical 500 debug page (aaab03be-932d-11e7-92d8-4b26fc968492)
Django blog : In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...
Cross-site Scripting (XSS)
Django is vulnerable to cross-site scripting XSS attacks. The library disabled HTML escaping in the 500 debug page template, allowing a malicious user to inject and execute arbitrary webscript...
PT-2017-3841 · Django +1 · Django +1
Name of the Vulnerable Software and Affected Versions: Django versions 1.10.x through 1.10.7 Django versions 1.11.x through 1.11.4 Description: The issue is related to the disabling of HTML autoescaping in a portion of the template for the technical 500 debug page in Django. This could allow a...
Django -- possible XSS in traceback section of technical 500 debug page
Django blog: In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...