19 matches found
ROS-20251105-03
A vulnerability in the Apache Log4cxx C++ logging framework is related to insufficient cleanup of the user-supplied data when using an ODBC appender to send log messages to a database. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL queries in th...
[SECURITY] [DLA 4322-1] log4cxx security update
Debian LTS Advisory DLA-4322-1 [email protected] https://www.debian.org/lts/security/ Lukas Märdian October 05, 2025 https://wiki.debian.org/LTS Package : log4cxx Version : 0.11.0-2+deb11u1 CVE ID : CVE-2025-54812 CVE-2025-54813 Debian Bug : 1111879 1111881 Multiple vulnerabilities were...
Debian dla-4322 : liblog4cxx-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4322 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4322-1 [email protected]...
Linux Distros Unpatched Vulnerability : CVE-2025-54812
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HT...
Apache Log4cxx Cross-Site Scripting Vulnerability
Apache Log4cxx is the United States Apache Apache Foundation of a C + + logging framework patterned on Apache log4j . A cross-site scripting vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from HTMLLayout not properly escaping logger names, and can be exploited by an...
CVE-2025-54812
A flaw was found in log4cxx. When using HTMLLayout, logger names are not properly escaped. This vulnerability allows an attacker to provide untrusted data as a logger name to inject arbitrary HTML content into log output files. This issue can lead to cross-site scripting vulnerabilities if the HT...
Improper Output Neutralization for Logs
Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTMLLayout class. An attacker can execute arbitrary HTML or JavaScript code by injecting malicious content into the logger name, which is then written to the HTML log file and subsequently...
CVE-2025-54812 Apache Log4cxx: Improper HTML escaping in HTMLLayout
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...
Apache Log4cxx 安全漏洞
Apache Log4cxx is the United States Apache Apache Foundation of a C + + logging framework patterned on Apache log4j . A cross-site scripting vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from HTMLLayout not properly escaping logger names, and can be exploited by an...
PT-2025-34481
Name of the Vulnerable Software and Affected Versions: Apache Log4cxx versions prior to 1.5.0 Description: Apache Log4cxx contains an Improper Output Neutralization for Logs issue. When using HTMLLayout, logger names are not properly escaped when writing to an HTML file. If untrusted data is used...
Microsoft Internet Explorer 11 MSHTML - CGeneratedContent::HasGeneratedSVGMarker
Exploit for windows platform in category dos / poc window.onload = function document.getElementsByTagName"iframe"0.src = "repro-iframe.html"; Description Internally MSIE uses various lists of linked CTreePos objects to represent the DOM tree. For HTML/SVG elements a CTreeNode element is...
Microsoft Internet Explorer 11 - MSHTML 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion
window.onload = function document.getElementsByTagName"iframe"0.src = "repro-iframe.html"; Description Internally MSIE uses various lists of linked CTreePos objects to represent the DOM tree. For HTML/SVG elements a CTreeNode element is created, which embeds two CTreePos instances: one tha...
Microsoft Internet Explorer CSS Regions Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4073)
Mozilla XULRunner 1.9.1 was updated to version 1.9.1.17, fixing various security issues. Following security issues were fixed: MFSA 2010-74 / CVE-2010-3777: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products...
Internet Explorer HtmlLayout Remote Code Execution (MS12-010; CVE-2012-0011)
A remote code execution vulnerability has been reported in Internet Explorer...
SuSE 11.1 Security Update : Mozillla Firefox (SAT Patch Number 4104)
Mozilla Firefox has been updated to version 3.6.15, fixing the following security issues : - Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products have been identified and fixed. Some of these bugs showed evidence of memory corruption under certain...
Memory corruption
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."...
CVE-2006-3637
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."...
Microsoft Internet Explorer HTML Layout and Positioning Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser renders HTML with certain layout and positioning combinations. An attacker could exploit this issue to execute arbitrary code in the context of the user...