Lucene search

5254 matches found

Drupal
added 2018/07/25 12:0 a.m., 8 views

Select (or other) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-054

This module enables users to select 'other' on certain form elements, after which a textfield appears for the user to provide a custom value. The module doesn't sufficiently escape values of a text field when the "Select or other" formatter is used. This vulnerability is mitigated by th...

AI score 6.5
Exploits: 0 | References: 7
NVD
added 2018/07/23 8:29 a.m., 13 views

CVE-2018-14527

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient; for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...

CVSS 6.1 | AI score 6.1 | EPSS 0.00675
Exploits: 1 | References: 1
Prion
added 2018/07/23 8:29 a.m., 12 views

Cross site scripting

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient; for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...

CVSS 4.3 | AI score 6 | EPSS 0.00675
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2018/07/23 8:29 a.m., 4 views

CVE-2018-14527

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient; for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...

CVSS 6.1 | AI score 5.8 | EPSS 0.00675
Exploits: 1 | References: 1
Cvelist
added 2018/07/23 8:0 a.m., 16 views

CVE-2018-14527

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient; for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...

AI score 6.1 | EPSS 0.00675
Exploits: 1 | References: 1
Zero Day Initiative
added 2018/07/19 12:0 a.m., 20 views

Foxit Reader Polygon Annotation borderEffectIntensity Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

CVSS 6.8 | AI score 3.1 | EPSS 0.02773
Exploits: 0 | References: 1
android
added 2018/07/01 12:0 a.m., 25 views

CVE-2018-5872

While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur...

CVSS 8.3 | AI score 4.2 | EPSS 0.00473
Exploits: 0 | References: 3
BDU FSTEC
added 2018/06/29 12:0 a.m., 4 views

The vulnerability of Adobe Dreamweaver CC arises from incorrect processing of URIs, allowing attackers to execute arbitrary code in the context of the current user.

The vulnerability of Adobe Dreamweaver CC is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

CVSS 10 | AI score 6 | EPSS 0.14462
Exploits: 0 | References: 4 | Affected Software: 1
The Hacker News
added 2018/06/20 5:41 p.m., 1 view

Google Developer Discovers a Critical Bug in Modern Web Browsers

A Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you are logged into in the same browser. Discovered by Jake Archibald, developer advocate for Googl...

AI score 6
Exploits: 0
Jake Archibald's Blog
added 2018/06/20 2:17 p.m., 169 views

I discovered a browser bug

I accidentally discovered a huge browser bug a few months ago and I'm pretty excited about it. Security engineers always seem like the "cool kids" to me, so I'm hoping that now I can be part of the club, and y'know, get into the special parties or whatever. I've noticed that a lot of these securi...

CVSS 4.3 | AI score 6.5 | EPSS 0.02673
Exploits: 0
n0where
added 2018/06/18 8:11 p.m., 23 views

Lightweight and Practical Kernel Protector for x86: Shadow-Box

Shadow-box is a security monitoring framework for operating systems using state-of-the-art virtualization technologies. Shadow-box has a novel architecture inspired by a shadow play. We made Shadow-box from scratch, and it is primarily composed of a lightweight hypervisor and a security monitor...

Exploits: 0 | References: 1
NVD
added 2018/06/11 9:29 p.m., 15 views

CVE-2018-5101

A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox 58...

CVSS 7.5 | AI score 7.2 | EPSS 0.0182
Exploits: 0 | References: 5
OSV
added 2018/06/11 9:29 p.m., 1 view

DEBIAN-CVE-2018-5102

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...

CVSS 9.8 | AI score 8.2 | EPSS 0.07157
Exploits: 0 | References: 1
OSV
added 2018/06/11 9:29 p.m., 1 view

DEBIAN-CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

CVSS 9.8 | AI score 9 | EPSS 0.02997
Exploits: 0 | References: 1
OSV
added 2018/06/11 9:29 p.m., 7 views

CVE-2018-5102

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...

CVSS 9.8 | AI score 9.2
Exploits: 0 | References: 13
OSV
added 2018/06/11 9:29 p.m., 4 views

CVE-2017-7842

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox 57...

CVSS 5.3 | AI score 5.8 | EPSS 0.01565
Exploits: 0 | References: 4
NVD
added 2018/06/11 9:29 p.m., 19 views

CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

CVSS 9.8 | AI score 9.2 | EPSS 0.0342
Exploits: 1 | References: 12
OSV
added 2018/06/11 9:29 p.m., 2 views

DEBIAN-CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

CVSS 9.8 | AI score 9.1 | EPSS 0.0342
Exploits: 1 | References: 1
NVD
added 2018/06/11 9:29 p.m., 16 views

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

CVSS 9.1 | AI score 8.8 | EPSS 0.03186
Exploits: 1 | References: 11
OSV
added 2018/06/11 9:29 p.m., 2 views

DEBIAN-CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

CVSS 9.1 | AI score 8.6 | EPSS 0.03186
Exploits: 1 | References: 1