37 matches found
EUVD-2004-1611
Malware in sbrugna...
EUVD-2007-0989
Malware in sbrugna...
EUVD-2017-3116
Malware in sbrugna...
Measuring Modern Phishing Tactics: a Quantitative Study of Body Obfuscation Prevalence, Co-Occurrence, and Filter Impact
Phishing attacks frequently use email body obfuscation to bypass detection filters, but quantitative insights into how techniques are combined and their impact on filter scores remain limited. This paper addresses this gap by empirically investigating the prevalence, co-occurrence patterns, and...
CVE-2024-34710 Wiki.js Stored XSS through Client Side Template Injection
Wiki.js is a wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection ...
KaTeX security vulnerability
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. A security vulnerability existed prior to KaTeX version v0.16.10, which arose from the fact that KaTeX users rendering untrusted mathematical expressions could encounter malicious input using includegraphics runnin...
SUSE CVE-2004-1617
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated ...
SUSE CVE-2007-0995
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions...
SUSE CVE-2007-4999
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996...
split-html-to-chars denial of service vulnerability
split-html-to-chars is used to split HTML into characters. A denial of service vulnerability exists in split-html-to-chars v1.0.5, which can be exploited by an attacker to cause a denial of service when splitting crafted invalid HTML...
PT-2022-11325 · Unknown · Split-Html-To-Chars
Name of the Vulnerable Software and Affected Versions: split-html-to-chars version 1.0.5. Description: A Regular Expression Denial of Service (ReDoS) issue was found in the software when it processes crafted invalid HTML. This occurs due to inefficient regular expression patterns that can lead to...
Cross-site scripting in Apache Tomcat
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...
PT-2018-14219 · Google · Html Package
Name of the Vulnerable Software and Affected Versions: html package (aka x/net/html) versions through 2018-09-25. Description: The issue is related to the html package mishandling certain HTML inputs, such as , leading to a "panic: runtime error" (index out of range) in nodeStack.pop or...
SIEMENS SIMATIC WinCC Add-On Gemalto Sentinel LDK RTE Component Denial of Service Vulnerability
SIMATIC WinCC is an automated data acquisition and supervisory control (SCADA) system. Gemalto Sentinel LDK RTE is a software protection and licensing solution. A denial of service vulnerability exists in the SIEMENS SIMATIC WinCC Add-On Gemalto Sentinel LDK RTE component, which can be exploited by...
CVE-2017-11498
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files...
Buffer overflow
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files...
CVE-2017-11498
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files...
Cross site scripting
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter,...
tomcat: missing fix for CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter,...
tomcat: XSS in Apache Tomcat calendar application
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...