UBUNTU-CVE-2015-5522

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving a command character in an href...

CVE-2015-5523

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation...

UBUNTU-CVE-2015-5523

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation...

MediaWiki Incomplete Blacklist Vulnerability (CNVD-2015-02417)

MediaWiki is a Wiki program. An incomplete blacklist vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of an element with the xlink:href attribute...

DEBIAN-CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

Input validation

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

CVE-2015-2932

CVE-2015-2932 is an Incomplete blacklist vulnerability in MediaWiki prior to fixed releases. The issue allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element, affecting MediaWiki versions before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2. The ...

Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)

A denial of service vulnerability has been reported in the moddav component of Apache HTTP Server. The vulnerability is due to a NULL pointer dereference when processing a MERGE request with a URI whose source href points to a non-DAV configured URI. A remote attacker can send a crafted HTTP...

骑士CMS全局XSS过滤绕过存储型XSS前台后台指哪打哪

简要描述： 74cmsv3.5.120141020 骑士CMS全局XSS过滤绕过存储型XSS前台后台指哪打哪大部分能输入的地方都可以。 详细说明： 开篇：php里面的striptags函数剥去 HTML、XML 以及 PHP 的标签。但是并不是所有的都会被过滤。例如： 注释：%0b表示字符0x0B, 即为urldecode'%3C%0Ba%0B%3E'的值 上面的代码经过striptags后，返回字符串不过会改变。本次然过就是基于以上内容+全局过滤函数的一些BUG。 分析： 我们先来看看全局的XSS过滤函数。 function mystriptags$string $string =...

Microsoft Internet Explorer 4/5/6 Embedded Image URI Obfuscation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10308/info It has been reported that Microsoft Internet Explorer is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatte...

Microsoft Internet Explorer 6.0 Href Title Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18820/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because of an error in processing an HTML 'href' tag with a very large title. An attacker can exploit this vulnerability to cause the...

Microsoft Internet Explorer 6.0 HREF Save As Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10552/info A vulnerability is reported to exist in Internet Explorer that may allow an attacker to cause the application to crash. The issue presents itself when a user attempts to invoke the Save As option on a malicious...

CVE-2013-1896

moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for handling by the moddavsvn module, but a certain href...

Mozilla: evalInSanbox location context incorrectly applied (MFSA 2012-93)

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which...

Mozilla: evalInSanbox location context incorrectly applied (MFSA 2012-93)

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which...

CVE-2011-5162

GOM Player 2.1.33.5071 is affected by a stack-based buffer overflow in the ASX ref href handling, allowing user‑assisted remote code execution via a crafted ASX file with a long URI. The issue is described as a regression from CVE-2007-0707. Affected component: parsing of the ASX file’s ref href ...

Design/Logic Flaw

The execcommand function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute...

DEBIAN-CVE-2012-3508

Cross-site scripting XSS vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email...

UBUNTU-CVE-2012-3508

Cross-site scripting XSS vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email...