82 matches found

ThreatPost
added 2022/03/21 11:57 p.m. | 327 views

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

We’ve had it beaten into our brains: Before you go willy-nilly clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-true advice goes, check that the site’s URL shows “https,” indicating that the site is secured with TLS/SSL encryption. If only it were that eas...

8.4 AI score
Exploits: 0 | References: 16
CNVD
added 2021/07/01 12:0 a.m. | 7 views

Sanitize has an unspecified vulnerability

Sanitize is an HTML and CSS cleaner by Ryan Grove, an individual developer in the United States, which supports removing HTML and CSS from strings and more. A security vulnerability exists in Smartstore version 4.1.1. The vulnerability stems from the fact that the program will not call...

9.8 CVSS | 6.7 AI score | 0.00439 EPSS
Exploits: 1 | References: 1
Mageia
added 2021/02/04 1:40 p.m. | 18 views

Updated messagelib packages fix a security vulnerability

In KDE KMail, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended...

4.3 CVSS | 1 AI score | 0.00139 EPSS
Exploits: 1 | References: 2
Prion
added 2019/08/05 8:15 p.m. | 14 views

Design/Logic Flaw

In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended...

4.3 CVSS | 6.2 AI score | 0.00144 EPSS
Exploits: 1 | References: 5 | Affected Software: 2
Hacker One
added 2019/06/29 7:4 a.m. | 156 views

Valve: Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message

Overview Counter-Strike: Global Offensive's UI is built of a framework called Panorama which is heavily influenced by modern HTML/CSS with JS capabilities. Because of these properties, the UI becomes easily vulnerable to different types of code injection, most notably XSS. Previously, it was...

0.5 AI score
Exploits: 0
OpenVAS
added 2019/05/15 12:0 a.m. | 283 views

Roundcube Webmail < 1.3.10 Information Disclosure Vulnerability

Roundcube Webmail is prone to an information disclosure vulnerability. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

4.3 CVSS | 5.2 AI score | 0.00174 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2019/05/07 12:0 a.m. | 58 views

Fedora Update for php-Smarty2 FEDORA-2018-7adf863a47

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2
Prion
added 2019/04/07 3:29 p.m. | 9 views

Design/Logic Flaw

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.3 CVSS | 4.4 AI score | 0.00135 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2019/04/07 3:29 p.m. | 9 views

Design/Logic Flaw

In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.3 CVSS | 4.5 AI score | 0.00117 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
UbuntuCve
added 2019/04/07 3:29 p.m. | 20 views

CVE-2019-10734

In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.3 CVSS | 5.9 AI score | 0.00117 EPSS
Exploits: 1 | References: 2
UbuntuCve
added 2019/04/07 3:29 p.m. | 24 views

CVE-2019-10732

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.3 CVSS | 6.1 AI score | 0.00139 EPSS
Exploits: 1 | References: 4
Prion
added 2019/04/07 3:29 p.m. | 17 views

Design/Logic Flaw

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the...

4.3 CVSS | 4.3 AI score | 0.00174 EPSS
Exploits: 1 | References: 4 | Affected Software: 4
Cvelist
added 2019/04/07 2:35 p.m. | 10 views

CVE-2019-10735

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.4 AI score | 0.00135 EPSS
Exploits: 1 | References: 1
Debian CVE
added 2019/04/07 2:35 p.m. | 15 views

CVE-2019-10735

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...

4.3 CVSS | 4.4 AI score | 0.00135 EPSS
Exploits: 1
CVE
added 2019/04/07 2:32 p.m. | 149 views

CVE-2019-10732

CVE-2019-10732 affects KDE PIM’s messagelib/KMail: an attacker who has S/MIME or PGP encrypted emails can wrap the ciphertext in a crafted multipart message; by hiding parts with HTML/CSS or newline tricks, the attacker can cause the recipient to leak plaintext back when replying. Connected advis...

4.3 CVSS | 4.2 AI score | 0.00139 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
GithubExploit
added 2017/07/08 4:5 a.m. | 1 views

html-social-share-buttons

It is an HTML/CSS/JavaScript library for adding social media sha...

6.1 AI score
Exploits: 0
Packet Storm
added 2014/04/10 12:0 a.m. | 25 views

AppFish Offline Coder 2.2 Persistent Script Insertion

Document Title: AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1252 Release Date: 2014-04-08. Vulnerability Laboratory ID (VL-ID):...

7.4 AI score
Exploits: 0
Zero Day Initiative
added 2010/10/12 12:0 a.m. | 47 views

Microsoft Internet Explorer EOT File hdmx Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion...

10 CVSS | 6.9 AI score | 0.656 EPSS
Exploits: 1 | References: 1
Packet Storm
added 2009/07/17 12:0 a.m. | 25 views

HUBScript 1 Cross Site Scripting


7.4 AI score
Exploits: 0
seebug.org
added 2006/11/17 12:0 a.m. | 19 views

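Microsoft IE HTML Rendering Memory Corruption Vulnerability (MS06-067)

Internet Explorer is a very popular web browser. Internet Explorer has a vulnerability in parsing the float property of HTML CSS, which remote attackers may exploit to execute arbitrary commands on the user's machine. Processing a specially crafted div tag in an HTML page triggers memory corruption, leading to arbitrary code execution. Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Set the Internet and Local intranet security zone settings to "High" to prompt before running ActiveX controls and Active Scripting in these zones. Set the Internet...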

7.1 AI score
Exploits: 0