439 matches found
PYSEC-2017-14
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
PYSEC-2017-15
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
CVE-2016-9909
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
CVE-2016-9910
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
CVE-2016-9909
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
CVE-2016-9909
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
CVE-2016-9910
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
PEAR HTML_AJAX 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability
Exploit for php platform in category web applications --------------------------------------------------------------------------- PEAR HTMLAJAX = 0.5.7 PHP Serializer PHP Object Injection Vulnerability --------------------------------------------------------------------------- - Software Link:...
Design/Logic Flaw
PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
CVE-2017-5677
PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
PT-2017-10385 · Html5Lib +1 · Html5Lib +1
Name of the Vulnerable Software and Affected Versions: html5lib versions prior to 0.99999999 Description: The issue concerns the mishandling of the character in attribute values by the serializer in html5lib, potentially allowing remote attackers to conduct cross-site scripting XSS attacks...
PT-2017-10386 · Html5Lib +1 · Html5Lib +1
Name of the Vulnerable Software and Affected Versions: html5lib versions prior to 0.99999999 Description: The issue concerns the serializer in html5lib, which might allow remote attackers to conduct cross-site scripting XSS attacks. This is due to the mishandling of special characters in attribut...
Google Chrome Blink Serializer::doSerialize Bad Cast
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the ninth entry in that series, and the first to not target a Microsoft browser. The below information is available in more detail on my blog at...
Metasploit config.action_dispatch.cookies_serializer deserialization vulnerability
Metasploit is an open source security vulnerability detection tool that helps security and IT professionals identify security issues, validate mitigations for vulnerabilities, and manage expert-driven security for assessments that provide true security risk intelligence. A deserialization...
chromium-browser: type confusion in blink
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly ha...
CVE-2016-5161
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly ha...
Choronzon - An Evolutionary Knowledge-Based Fuzzer
An evolutionary knowledge-based fuzzer Introduction This document aims to explain in brief the theory behind Choronzon . Moreover, it provides details about its internals and how one can extend Choronzon to meet new requirements. An overview of the architecture of Choronzon was initially presente...
UBUNTU-CVE-2016-5161
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly ha...
USN-2860-1 oxide-qt vulnerabilities
A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the...
CVE-2015-6790
Removed by vendor...