EUVD-2003-1144

Malware in sbrugna...

Chrome Universal XSS using late widget updates (CVE-2017-5006)

VULNERABILITY DETAILS Among the things that Document::shutdown does, |view-dispose| is called: From /thirdparty/WebKit/Source/core/frame/FrameView.cpp: void FrameView::dispose ... // FIXME: Do we need to do something here for OOPI? HTMLFrameOwnerElement ownerElement = mframe-deprecatedLocalOwner;...

Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)

VULNERABILITY DETAILS When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTreeconst AttachContext& context HTMLTextFormControlElement::detachLayoutTreecontext; mneedsToUpdateViewValue = true; minputTypeView-closePopupView; If the...

Microsoft Visual Studio UserControl远程代码执行漏洞

BUGTRAQ ID: 16225 Microsoft Visual Studio是微软公司的开发工具套件系列产品，是一个基本完整的开发工具集，包括了软件整个生命周期中所需要的大部分工具。 Visual Studio没有事先通知用户便允许执行一个项目文件中的代码。在将UserControl添加到Windows Formular中时，如果显示了UserControl所在的主窗体的话，VS就可能自动启动UserControlLoad函数中的代码。 Microsoft Visual Studio 2005 Microsoft ---------...