EUVD-2014-2605

Malware in sbrugna...

Cross-Site Scripting (XSS)

PhenX/php-font-lib is vulnerable to cross-site scripting XSS attacks. The attacker can inject arbitrary script via the name parameter since it does not encode it properly using the htmlentities method...

CVE-2014-2570

Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...

DEBIAN-CVE-2014-2570

Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...

CVE-2014-2570

Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...

UBUNTU-CVE-2014-2570

Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...

CVE-2014-2570

Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...

CVE-2014-2570

Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...

CVE-2014-2570

CVE-2014-2570 is an XSS in PHP Font Lib prior to 0.3.1. The vulnerability affects www/make_subset.php and allows remote injection of script/HTML via the name parameter. The affected library/version is PHP Font Lib before 0.3.1; a fix is available in the 0.3.1 release (e.g., commit d13682b7e27d14a...

CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting

========================================================== php-font-lib - Subset maker makesubset.php Reflected Cross-site Scripting Revision 1.0 ========================================================== Author: Daniel C. Marques @0xc0da Release date: 2014-03-23 Reference:...

php-font-lib 'name'参数跨站脚本漏洞

Bugtraq ID:66380 CVE ID:CVE-2014-2570 php-font-lib是一款读取，解析，导出不同字体类型文件的PHP库。 通过"name" GET参数传递给www/makesubset.php的输入在返回用户之前缺少过滤，允许远程攻击者利用漏洞构建恶意URI，诱使用户解析，可获取敏感信息或劫持用户会话。 0 php-font-lib 0.x php-font-lib 0.3.1已经修复该漏洞，建议用户下载更新： https://github.com/PhenX/php-font-lib...

php-font-lib 0.3 Cross Site Scripting

========================================================== php-font-lib - Subset maker makesubset.php Reflected Cross-site Scripting Revision 1.0 ========================================================== Author: Daniel C. Marques @0xc0da Release date: 2014-03-23 Reference:...