22 matches found
EUVD-2021-31059
Malicious code in bioql PyPI...
CVE-2021-44209
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO...
Zontal Arcade HTML 5 Game Portal PHP Script SQL Injection
Zontal Arcade HTML 5 Game Portal PHP Script suffers from a remote SQL injection vulnerability. This software does not list a version but was reported as of March 05, 2025 to be vulnerable. Exploit Title: Zontal Arcade HTML 5 Game Portal PHP Script - SQL Injection Date: 05-03-2025 Exploit Author:...
Poko Arcade HTML 5 Game Portal PHP Script 1.0 SQL Injection
Poko Arcade HTML 5 Game Portal PHP Script version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Poko Arcade HTML 5 Game Portal PHP Script v1.0 - SQL Injection Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor:...
Cross site scripting
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO...
CVE-2021-44209
OX App Suite up to version 7.10.5 contains a Cross-Site Scripting (XSS) vulnerability that can be triggered via an HTML5 AUDIO element. The issue affects the frontend of OX App Suite (notably the 7.10.5 release and earlier) and is tied to insufficient escaping within the user-facing components (e...
Vulnerability Spotlight: Two vulnerabilities in Advantech WebAccess/SCADA
Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the Advantech WebAccess/SCADA software package. An adversary could exploit each of these vulnerabilities to disclose sensitive information and elevate their...
Platform Update Supplement for Windows Vista and for Windows Server 2008
Platform Update Supplement for Windows Vista and for Windows Server 2008 INTRODUCTION The Platform Update Supplement for Windows Vista and for Windows Server 2008 is available. This update provides fixes and improvements to graphics, media foundation and print functionality in Windows Vista Servi...
CVE-2015-9464
CVE-2015-9464 – WordPress plugin vulnerability : The s3bubble-amazon-s3-html-5-video-with-adverts plugin for WordPress (version 0.7) contains a directory traversal flaw exposed through the adverts/assets/plugins/ultimate/content/downloader.php path parameter, allowing access to locations outside ...
Microsoft discloses vulnerabilities in Chrome and Opera
Microsoft discloses vulnerabilities in Chrome and Opera. Microsoft has issued two advisories on Chrome and Opera, detailing remote code execution and information disclosure vulnerabilities. The disclosure is the result of the Microsoft Vulnerability Research (MSVR) system going live, which is one of...
Spammers Using SHY Character to Hide Malicious URLs
Spammers have jumped on the little-used soft hyphen or SHY character to fool URL filtering devices. According to researchers at Symantec Corp., spammers are larding up URLs for sites they promote with the soft hyphen character, which many browsers ignore. Spammers aren’t shy about jumping humans...
HTML 5 Comes With SQL Injection Risks
Internet Explorer 9 and Firefox 4 will support it, and Microsoft recently touted its advantages. But the upcoming version of HTML, which builds rich Internet application features into the Web programming language and shifts more Web functions to the client machine, also could open up new Web atta...
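WebKit Resource Load Callback Information Disclosure Vulnerability
Bugtraq ID: 36996 CVE ID: CVE-2009-2841 WebKit is an open-source web browser engine. When WebKit processes HTML 5 media elements that point to external resources, it does not issue resource load callbacks to determine whether the resource has been loaded, which can result in certain requests being sent to remote servers. For example, the sender of an HTML-format e-mail message can use this vulnerability to determine whether the message has been read. WebKit Open Source Project WebKit r38566 WebKit Open Source Project WebKit 0 Apple Safari 4.0.3 Apple Safari 4.0.2 Apple Safari...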
Design/Logic Flaw
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attacke...
CVE-2009-2841
CVE-2009-2841 affects WebKit’s HTMLMediaElement::loadResource in WebCore (WebKit before r49480) used by Safari before 4.0.4 on macOS. The vulnerability arises because HTML5 media elements with external URLs do not perform the expected callbacks, enabling a remote attacker to trigger sub-resource ...
Safari < 4.0.4 Multiple Vulnerabilities
Binary data 5232.prm...
CVE-2009-1688
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is...
CVE-2009-1688
Removed by vendor...