75 matches found
CVE-2015-7579
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...
UBUNTU-CVE-2015-7579
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...
CVE-2015-7579
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...
XSS vulnerability in rails-html-sanitizer
There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's striptags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2 Not affected: 1.0.0, 1.0.1 Fixed Versions: 1.0.3 Impact ------ Due to the way that Rails::Html::FullSanitizer...
Web Clients HTTP URL HTML Entity Cross-Site Scripting
A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...
Cmseasy某处存在存储型XSS及代码分析(1)
简要描述: 最新版cmseasy存在存储型xss 版本:CmsEasy5.5UTF-820140415 详细说明: 在bbs下的所有POST提交,都会经过bbspublic.php文件里的removexss函数过滤。如下: 可以看到所有POST数据会到dxss函数里 跟进dxss,可以看到数据又来到了removexss里 继续跟进removexss,从图中的1中可以看到removexss首先过滤了一些特殊符号,接着看图中2处,用循环做了一个html实体解码,接着在图中3处用了htmlentitydecode再次进行了一次解码,然后用if判断判断如果还有html编码就exit。...
destoon最新版某敏感功能xss指哪打哪
简要描述: 之前提交过,官方说补了 http://www.wooyun.org/bugs/wooyun-2014-053573 于是我看看修补以后的效果。 详细说明: 这是最新版的过滤富文本xss的函数: 已经解决了之前的问题。用expressi0n替换了expression。看似似乎没问题了。 其实还有各种问题。IE还有一个容错特性,那就是expression,其中加斜杠\,在IE6789上是可以触发的(当然我没测试更高版本)。所以,利用这个特性,可以绕过dsafe函数的过滤。 这时候,我们测试: 照弹无误:...
Thinksaas存储型XSS
简要描述: 点击触发,因为多处调用的同一个函数所以多处存在问题 之前还交过一个它的sql注入一个越权。。求审核……审核……核 详细说明: Thinksaas是一款轻量级开源社区系统,界面我很喜欢。官网在http://www.thinksaas.cn/。 因为是一个类似论坛的社区,所以前台难免会有富文本编辑器,而处理不好富文本的话就容易产生XSS。自从看了M老师的文章,我对XSS也有了进一步的认识,所以才能找到Thinksaas过滤不严的XSS。 我们先看它使用的哪个函数对XSS进行的过滤,\thinksaas\tsFunction.php中: / 过滤脚本代码 @param unknow...
Sql injection
Multiple SQL injection vulnerabilities in Simple Machines Forum SMF before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a 1 HTML entity or 2 display name. NOTE: some of these details are obtained from third party information...
CVE-2011-3615
Multiple SQL injection vulnerabilities in Simple Machines Forum SMF before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a 1 HTML entity or 2 display name. NOTE: some of these details are obtained from third party information...
Mozilla Firefox 2.0.0.16 Buffer Overflow
!/usr/bin/python FireFox 2.0.0.16 Windows XP SP3 x86 Remote Exploit Author: Dominic Chell Exploits the UTF-8 URL overflow vulnerability described in CVE-2008-0016. As of September 2009 there are no public exploits for this vulnerability. However, according to securityfocus an exploit is available...
php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
CVE-2008-5557
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
[SA19383] PHP "html_entity_decode()" Information Disclosure Vulnerability
TITLE: PHP "htmlentitydecode" Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA19383 VERIFY ADVISORY: http://secunia.com/advisories/19383/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: PHP 4.3.x http://secunia.com/product/922/ PHP 4.4.x...
IBM Informix Web DataBlade: Auto-decoding HTML entities
IBM Informix Web DataBlade: Auto-decoding HTML entities By Simon Lodal, Denmark Vendor status: Notified months ago, said they would be working on updates, never heard anything. Software: Web DataBlade 4.12, IDS 9.20/9.21, Linux 2.2/2.4, SunOS 5.7 OS, IDS and WDB versions seem to be irrelevant...