libxml2: Out-of-bounds memory access

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

libxml2: Buffer overread with XML parser in xmlNextChar

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...

libxml2: Out-of-bounds memory access

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

The vulnerability of the Firefox browser allows a violator to circumvent domain restrictions and breach data confidentiality.

The vulnerability of Firefox browsers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass access controls and compromise data confidentiality using a specially crafted HTML document...

Cisco Firepower 9000 Series Switches HTML Injection Vulnerability

Cisco Firepower 9000 Series Switches are Cisco 9000 series switch products. An HTML injection vulnerability exists in Cisco Firepower 9000 Series Switches. This vulnerability allows remote attackers to execute arbitrary HTML or script code in the context of an affected browser to steal cookie-bas...

Mozilla Firefox HTTP Authentication Information Disclosure Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox uses NTLM v1 to perform HTTP authentication with a security vulnerability that allows remote attackers to build specially crafted Web sites to trick users into parsing for sensitive domain information...

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2015-07430)

Mozilla Firefox is an open source web browser. A security vulnerability exists in the Mozilla Firefox Search feature, which allows attackers to read log files and access file: URLs of HTML documents...

UBUNTU-CVE-2015-5660

Cross-site request forgery CSRF vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code...

Cisco Email Security Appliance File Descriptor System Overload Vulnerability

The Cisco Email Security Appliance is a widely used email encryption gateway that seamlessly encrypts, decrypts, and digitally signs confidential email. A security vulnerability exists in the Cisco Email Security Appliance that allows remote attackers to exploit the vulnerability by submitting a...

The vulnerability of the iOS operating system, which allows a hacker to obtain the user’s password

The vulnerability of the HTML component implementation in WebKit of the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain the user’s password...

The vulnerability of Microsoft Lync Server’s messaging server allows a hacker to inject arbitrary web or HTML code.

The vulnerability of Microsoft Lync Server’s messaging server exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code through a specially crafted URL...

PHP 'php_var_unserialize()' function code execution vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A code execution vulnerability exists in PHP. An attacker could exploit this vulnerability to execute arbitrary code, which could also result in...

PHP 'valuePop()' Function Denial of Service Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A denial of service vulnerability exists in PHP. An attacker could exploit this vulnerability to cause a denial of service...

PHP PCRE extension has multiple vulnerabilities

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. PHP suffers from a heap buffer overflow and denial of service vulnerability in the PCRE extension, which can be exploited by an attacker to cause an applicatio...

Gazou BBS plus vulnerability in file upload processing

Overview Gazou BBS plus provided by LEMON-S PHP contains a vulnerability in the processing of file uploads. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An image file may be specially crafted t...

PHP Remote Denial of Service Vulnerability

PHP foreign name: PHP: Hypertext Preprocessor, Chinese name: "Hypertext Preprocessor" is a general-purpose open source scripting language. PHP has a remote denial of service vulnerability that can be exploited by attackers to crash an application and deny service to legitimate users...

php: Double-free in zend_ts_hash_graceful_destroy()

A double free flaw was found in zendtshashgracefuldestroy function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash...

Sinapsi eSolar Light Plaintext Password Disclosure Vulnerability

Sinapsi eSolar Light is a monitoring system for use within solar applications from the Italian company Sinapsi. A security vulnerability in Sinapsi eSolar Light allows a remote attacker to read the HTML source code in the mail-configuration page to obtain a clear-text password and use it for...

The vulnerability of Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome’s browser, based on cross-site scripting, allows a malicious actor to inject arbitrary HTML code by creating special pointers to the “Browser Favorites” element...

UBUNTU-CVE-2015-1263

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...