Lucene search
+L

439 matches found

OSV
OSV
added 2017/02/22 4:59 p.m.17 views

PYSEC-2017-14

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...

6.1CVSS5.1AI score0.02141EPSS
Exploits0References8
OSV
OSV
added 2017/02/22 4:59 p.m.18 views

PYSEC-2017-15

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...

6.1CVSS4.4AI score0.02141EPSS
Exploits0References8
OSV
OSV
added 2017/02/22 4:59 p.m.18 views

CVE-2016-9909

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...

6.1CVSS5.8AI score
Exploits0References7
Debian CVE
Debian CVE
added 2017/02/22 4:0 p.m.66 views

CVE-2016-9910

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...

6.1CVSS6AI score0.02141EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/02/22 4:0 p.m.57 views

CVE-2016-9909

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...

6.1CVSS5.9AI score0.02141EPSS
Exploits0
Cvelist
Cvelist
added 2017/02/22 4:0 p.m.24 views

CVE-2016-9909

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...

5.8AI score0.02141EPSS
Exploits0References7
Cvelist
Cvelist
added 2017/02/22 4:0 p.m.28 views

CVE-2016-9910

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...

5.9AI score0.02141EPSS
Exploits0References7
0day.today
0day.today
added 2017/02/07 12:0 a.m.48 views

PEAR HTML_AJAX 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability

Exploit for php platform in category web applications --------------------------------------------------------------------------- PEAR HTMLAJAX = 0.5.7 PHP Serializer PHP Object Injection Vulnerability --------------------------------------------------------------------------- - Software Link:...

7.5CVSS9.2AI score0.04826EPSS
Exploits2
Prion
Prion
added 2017/02/06 6:59 p.m.19 views

Design/Logic Flaw

PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...

7.5CVSS9.8AI score0.04826EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2017/02/06 6:59 p.m.15 views

CVE-2017-5677

PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...

9.8CVSS9.9AI score0.04826EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2017/01/03 12:0 a.m.6 views

PT-2017-10385 · Html5Lib +1 · Html5Lib +1

Name of the Vulnerable Software and Affected Versions: html5lib versions prior to 0.99999999 Description: The issue concerns the mishandling of the character in attribute values by the serializer in html5lib, potentially allowing remote attackers to conduct cross-site scripting XSS attacks...

6.1CVSS6AI score0.02141EPSS
Exploits0References27
Positive Technologies
Positive Technologies
added 2017/01/03 12:0 a.m.6 views

PT-2017-10386 · Html5Lib +1 · Html5Lib +1

Name of the Vulnerable Software and Affected Versions: html5lib versions prior to 0.99999999 Description: The issue concerns the serializer in html5lib, which might allow remote attackers to conduct cross-site scripting XSS attacks. This is due to the mishandling of special characters in attribut...

6.1CVSS6.2AI score0.02141EPSS
Exploits0References27
Packet Storm
Packet Storm
added 2016/11/12 12:0 a.m.27 views

Google Chrome Blink Serializer::doSerialize Bad Cast

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the ninth entry in that series, and the first to not target a Microsoft browser. The below information is available in more detail on my blog at...

0.4AI score
Exploits0
CNVD
CNVD
added 2016/09/21 12:0 a.m.3 views

Metasploit config.action_dispatch.cookies_serializer deserialization vulnerability

Metasploit is an open source security vulnerability detection tool that helps security and IT professionals identify security issues, validate mitigations for vulnerabilities, and manage expert-driven security for assessments that provide true security risk intelligence. A deserialization...

8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/09/12 7:39 p.m.7 views

chromium-browser: type confusion in blink

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly ha...

8.8CVSS7.4AI score0.01399EPSS
Exploits0References5
OSV
OSV
added 2016/09/11 10:59 a.m.4 views

CVE-2016-5161

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly ha...

8.8CVSS7.2AI score0.01399EPSS
Exploits0References13
Kitploit
Kitploit
added 2016/09/10 2:30 p.m.10 views

Choronzon - An Evolutionary Knowledge-Based Fuzzer

An evolutionary knowledge-based fuzzer Introduction This document aims to explain in brief the theory behind Choronzon . Moreover, it provides details about its internals and how one can extend Choronzon to meet new requirements. An overview of the architecture of Choronzon was initially presente...

7.2AI score
Exploits0References1
OSV
OSV
added 2016/09/02 12:0 a.m.3 views

UBUNTU-CVE-2016-5161

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly ha...

8.8CVSS7.2AI score0.01399EPSS
Exploits0References4
OSV
OSV
added 2016/01/11 5:1 p.m.6 views

USN-2860-1 oxide-qt vulnerabilities

A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the...

10CVSS7.6AI score0.05233EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2015/12/14 11:0 a.m.65 views

CVE-2015-6790

Removed by vendor...

4.3CVSS9.3AI score0.01364EPSS
Exploits0
Rows per page
Query Builder