5254 matches found
Foxit Reader XFA field Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fiel...
Microsoft Edge CSS Custom Property Type Confusion Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
The vulnerability of the Media Streaming add-on, which handles the transmission of multimedia files, arises from the failure to eliminate special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the Media Streaming add-on relates to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands with root privileges remotely...
CVE-2018-10193
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...
CVE-2018-10193
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...
CVE-2018-1273
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
CVE-2018-1273
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
tcpdump: Buffer over-read in print-802_11.c:parse_elements() in IEEE 802.11 parser
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-80211.c:parseelements...
CVE-2017-2493
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain...
Microsoft Edge Select Element Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Edge CSS var Function Type Confusion Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Edge CQuotes Type Confusion Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
UBUNTU-CVE-2018-5128
A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox 59...
The vulnerability of the Mercurial version control software lies in its inability to properly handle special elements used in the operating system’s command line. This allows a perpetrator to execute arbitrary code.
The vulnerability of the Mercurial version control software is related to the lack of measures to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created Git subrepository...
FreeBSD : mpv -- arbitrary code execution via crafted website (3ee6e521-0d32-11e8-99b0-d017c2987f9a)
mpv developers report : mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted website, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:0361-1)
This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed : - CVE-2018-5091: Use-after-free with DTMF timers bsc1077291. - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free whi...
Mozilla: Use-after-free while manipulating form input elements (MFSA 2018-03)
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
Mozilla: Use-after-free while editing form elements (MFSA 2018-03)
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...
The vulnerability of the microprogrammed software of the Digizo ShAirDisk PTW-WMS1, caused by the failure to implement measures to neutralize special elements, allows a intruder to execute arbitrary commands of the operating system.
The vulnerability of the microprogrammed wireless mobile disk storage device Digizo ShAirDisk PTW-WMS1 arises due to the lack of measures to neutralize the special elements used in the operating system’s team. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software is related to the lack of measures taken to neutralize special elements, allowing intruders to execute arbitrary commands.
The vulnerability of the Zivif PR115-204-P-RS webcam microprogramming software is related to the lack of measures taken to neutralize the special elements used in the command string. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using CGI scripts. An example...