
5254 matches found

Hacker One
added 2018/11/09 8:44 a.m., 18 views

Concrete CMS: SVG file that HTML Included is able to upload via File Manager

Concrete5 has a whitelist to restrict malicious files from being uploaded. concrete/config/concrete.php, Line no. 8688 The extension whitelist allows SVG files to be uploaded. However, SVG can have HTML elements in its code. Ref. https://www.w3.org/TR/SVG2/intro.htmlW3CCompatibility If web browser...

6.5 AI score
Exploits: 0

CNVD
added 2018/11/06 12:0 a.m., 1 view

Microsoft Internet Explorer Null Pointer Dereference Vulnerability

Internet Explorer is a web browser from Microsoft. A null pointer dereference vulnerability exists in Microsoft Internet Explorer version 11. The vulnerability is caused due to a NULL pointer dereference access conflict within the 'Tree :: NotifyInvalidateDisplay' function when parsing an...

6.8 AI score
Exploits: 0, References: 1

Ubuntu
added 2018/10/30 7:37 p.m., 551 views

USN-3804-1: OpenJDK vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

9 CVSS, 7 AI score, 0.07215 EPSS
Exploits: 2

Akamai Blog
added 2018/10/10 10:0 a.m., 42 views

Find AND Fix First- and Third-Party Issues with the Power of Real Data and Adaptive Performance

It's been well established that there is a correlation between fast digital experiences and positive business results. What users experience on a site has a direct bearing on their engagement and buying behaviour and consequently the overall success of the business. Slow page load times can lead ...

7 AI score
Exploits: 0

Zero Day Initiative
added 2018/10/10 12:0 a.m., 37 views

Microsoft Internet Explorer CSS Style Double Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS, 2.6 AI score, 0.19165 EPSS
Exploits: 0, References: 1

Cvelist
added 2018/10/04 2:0 p.m., 21 views

CVE-2018-12471 External Entity processing in the RegistrationSharing module

An External Entity Reference 'XXE' vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37...

6.5 CVSS, 8.8 AI score, 0.01529 EPSS
Exploits: 0, References: 1

OSV
added 2018/10/01 8:29 a.m., 4 views

CVE-2018-17846

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 3

Prion
added 2018/10/01 8:29 a.m., 19 views

Design/Logic Flaw

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...

5 CVSS, 7.4 AI score, 0.02618 EPSS
Exploits: 0, References: 3, Affected Software: 2

Cvelist
added 2018/10/01 8:0 a.m., 29 views

CVE-2018-17846

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...

7.4 AI score, 0.02618 EPSS
Exploits: 0, References: 3

Debian CVE
added 2018/10/01 8:0 a.m., 31 views

CVE-2018-17846

Removed by vendor...

7.5 CVSS, 7 AI score, 0.02618 EPSS
Exploits: 0

Cvelist
added 2018/10/01 8:0 a.m., 46 views

CVE-2018-17847

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...

7.4 AI score, 0.02832 EPSS
Exploits: 1, References: 3

UbuntuCve
added 2018/09/28 12:0 a.m., 30 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

8.1 CVSS, 7.2 AI score, 0.01075 EPSS
Exploits: 0, References: 4

Prion
added 2018/09/18 5:29 p.m., 31 views

Command injection

Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in shutil module makearchive function that can result in Denial of service, Information gain via injection of arbitrary files on...

7.5 CVSS, 9.8 AI score, 0.20807 EPSS
Exploits: 1, References: 11, Affected Software: 4

Kaspersky
added 2018/09/12 12:0 a.m., 525 views

KLA11323 Multiple vulnerabilities in Apple iTunes

Multiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, perform cross-site scripting attack, read local files. Below is a complete list of...

8.8 CVSS, 9.6 AI score, 0.10593 EPSS
Exploits: 18, References: 4

RedHat Linux
added 2018/09/11 7:53 a.m., 5 views

bouncycastle: ECDSA improper validation of ASN.1 encoding of signature

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

7.5 CVSS, 7.2 AI score, 0.01782 EPSS
Exploits: 0, References: 4

Prion
added 2018/08/23 5:29 a.m., 16 views

Remote code execution

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

6.8 CVSS, 8.2 AI score, 0.10427 EPSS
Exploits: 4, References: 2, Affected Software: 1

OSV
added 2018/08/21 11:29 p.m., 2 views

CVE-2018-15669

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...

5.3 CVSS, 5.8 AI score, 0.00883 EPSS
Exploits: 0, References: 1

Prion
added 2018/08/21 11:29 p.m., 18 views

Design/Logic Flaw

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the...

4.3 CVSS, 4.6 AI score, 0.00736 EPSS
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2018/08/21 12:0 a.m., 36 views

Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities

Binary data 700331.prm...

10 CVSS, 7.3 AI score, 0.03641 EPSS
Exploits: 3, References: 10

Openbugbounty
added 2018/08/06 8:3 p.m., 8 views

architectural-elements.com XSS vulnerability

Open Bug Bounty ID: OBB-659738
Affected Website: architectural-elements.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0