55 matches found
CVE-2015-8710
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service out-of-bounds heap memory access and application crash, or possibly have unspecified other impact via an unclosed HTML comment...
CVE-2015-8710
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service out-of-bounds heap memory access and application crash, or possibly have unspecified other impact via an unclosed HTML comment...
SUSE-SU-2016:0178-1 Security update for libxml2
This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application bsc960674...
CVE-2015-8710
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service out-of-bounds heap memory access and application crash, or possibly have unspecified other impact via an unclosed HTML comment...
UBUNTU-CVE-2015-8710
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service out-of-bounds heap memory access and application crash, or possibly have unspecified other impact via an unclosed HTML comment...
Updated libxml2 packages fix security vulnerabilities
Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service CVE-2015-5312. In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to...
CVE-2009-2431
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source...
CVE-2009-2431
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source...
CVE-2009-2431
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source...
CVE-2009-2431
CVE-2009-2431 affects WordPress 2.7.1, where the author’s username is placed in an HTML comment. This allows remote attackers to read the HTML source and harvest author identifiers (sensitive information). The underlying issue is information disclosure via HTML comments in the post output. Remedi...
CVE-2009-2431
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source...
Moderate: kdelibs security update
3.5.4-13.el5.0.1 - Remove Version branding - Maximum rpm trademark logos removed pics/crystalsvg/-mime-rpm 3.5.4-13.el5 - Resolves: 293571 CVE-2007-0537 Konqueror improper HTML comment rendering CVE-2007-1564 FTP protocol PASV design flaw affects konqueror 3.5.4-12.el5 - resolves: 293421,...
Apple Safari / Konqueror SCRIPT tag filtering bypass
Brower follows script tags within HTML comment. It violates HTML standard...
CVE-2005-1969
Cross-site scripting XSS vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "!--" HTML comment in a session...
[Full-Disclosure] injection html CuteNews
Original Advisory: http://www.darkbicho.iberhosting.net/advisory-11.txt ------------------------------------------------------------------------------------------------- :.: injection html CuteNews :.: PROGRAM: CuteNews HOMEPAGE: http://cutephp.com/ VERSION: v1.3.x BUG: injection html DATE:...