61 matches found
Information Disclosure in the PAN-OS Management Web Interface
A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. Ref. PAN-91564; CVE-2018-9334 Successful exploitation of this issue requires the attacker to be...
Cross site request forgery (csrf)
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery CSRF vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be us...
CVE-2018-1000053
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery CSRF vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be us...
actionpack Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML...
The vulnerability of the CAttrArray object implementation in Internet Explorer browsers allows a perpetrator to trigger a service failure or execute arbitrary code.
The vulnerability of the CAttrArray service implementation in Internet Explorer exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures such as type mismatches and memory corruption by using a...
Keybase: Universal Cross-Site Scripting in Keybase Chrome extension
Description The Keybase Chrome extension makes heavy use of the insecure innerHTML DOM API, resulting in Universal Cross-Site Scripting on all Keybase-supported social networking websites. Steps to reproduce the issue 1. Install the Keybase Chrome extension 2. Navigate to the following URL addres...
[SECURITY] Fedora 25 Update: elog-3.1.1-7.fc25
ELOG is part of a family of applications known as weblogs. Their general purpose is: 1. To make it easy for people to put information online in a chronological fashion, in the form of short, time-stamped text messages "entries" with optional HTML markup for presentation, and optional file...
RHEL 6 : Subscription Asset Manager (RHSA-2013:0686)
Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
Moderate: Red Hat Security Advisory: Subscription Asset Manager 1.2.1 update
Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
CVE-2012-3465
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...
CVE-2012-3465
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...
CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...
Certain characters in HTML can incorrectly be ignored, which can facilitate XSS attacks – Opera Security Advisories
Sites that allow content to be provided by untrusted users, such as forums and blogging sites, typically sanitize the untrusted content to ensure that it does not contain any harmful content, such as malicious scripts. When certain characters appear at specific locations within HTML markup, they...
Design/Logic Flaw
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service infinite loop via malformed HTML markup, as demonstrated by an a sequence...
CVE-2011-1952
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service infinite loop via malformed HTML markup, as demonstrated by an a sequence...
CVE-2011-1952
CVE-2011-1952 affects Post Revolution up to version 0.8.0c. The DoS arises from a faulty loop in common.php when stripping non-permitted HTML: an attacker can trigger an infinite loop by posting crafted HTML (e.g., a
Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
This host is missing a critical security update according to Microsoft Bulletin MS09-046. OpenVAS Vulnerability Test $Id: secpodms09-046.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability 956844 Authors: Sharath S Copyright: Copyrigh...
Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
This host is missing a critical security update according to Microsoft Bulletin MS09-046. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2009-2519
The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component...
CVE-2009-2519
The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component...