28 matches found
EUVD-2011-2829
Malware in sbrugna...
EUVD-2017-0289
Malware in sbrugna...
Roundcube Webmail 1.5.x < 1.5.8 / 1.6.x < 1.6.8 Multiple Vulnerabilities
The remote web server is running Roundcube Webmail version 1.5.x prior to 1.5.8 or 1.6.x prior to 1.6.8. It is, therefore, affected by multiple vulnerabilities. - A Cross-Site Scripting vulnerability in rcmailactionmailget-run in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote...
CVE-2024-42010
modcssstyles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets CSS token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...
BIT-ROUNDCUBE-2021-26925
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets CSS token sequences during HTML email rendering...
Roundcube Webmail < 1.4.11 XSS Vulnerability
Roundcube Webmail is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Cross-site Scripting (XSS)
roundcube is vulnerable to cross-site scripting XSS. The vulnerability exists through specific CSS token sequences during HTML email rendering which allows an attacker to inject and execute arbitrary javascript...
CVE-2021-26925
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets CSS token sequences during HTML email rendering...
UBUNTU-CVE-2021-26925
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets CSS token sequences during HTML email rendering...
Mozilla Firefox Multiple Vulnerabilities - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Design/Logic Flaw
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...
CVE-2015-4497
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...
CVE-2015-4497
CVE-2015-4497 affects Mozilla Firefox (and Iceweasel) prior to Firefox 40.0.3 and Firefox ESR prior to 38.2.1, due to a use-after-free in CanvasRenderingContext2D when a canvas is resized during restyling. This can allow a remote attacker to execute arbitrary code. Remediation: upgrade to Firefox...
Mozilla: Use-after-free when resizing canvas element during restyling (MFSA 2015-94)
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...
CVE-2015-4497
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...
CVE-2014-1576
CVE-2014-1576 is a heap-based buffer overflow in nsTransformedTextRun used when parsing CSS token sequences that trigger capitalization changes in Mozilla Firefox
Mozilla: Buffer overflow during CSS manipulation (MFSA 2014-75)
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...
CVE-2013-3909
Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different 1 domain or 2 zone via crafted characters in Cascading Style Sheets CSS token sequences, aka "Internet Explorer Information Disclosure Vulnerability."...
Code injection
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets CSS token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."...
CVE-2011-2347
Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets CSS token sequences, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...