32 matches found
EUVD-2010-2772
Malware in sbrugna...
EUVD-2008-1472
Malware in sbrugna...
EUVD-2019-0766
Malware in sbrugna...
EUVD-2006-5703
Malware in sbrugna...
EUVD-2013-2017
Malware in sbrugna...
EUVD-2007-1051
Malware in sbrugna...
EUVD-2008-0018
Malware in sbrugna...
EUVD-2013-4729
Malware in sbrugna...
EUVD-2009-4426
Malware in sbrugna...
XXE in PHPSpreadsheet due to encoding issue
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net
0x01 introduction PhpSpreadsheet is a very popular pure PHP class library that allows you to easily read and write Excel, LibreOffic Calc and other spreadsheet file formats, is PHPExcel alternative. 2018 11 October 13, PhpSpreadsheet was broke presence of the XXE vulnerability, CVE-2018-19277, in...
Cross-site Scripting (XSS)
Python SimpleHTTPServer is vulnerable to cross-site scripting XSS. The listdirectory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary Javascript through UTF-7 encoding into Internet Explorer 7 browser vi...
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability was identified within the PhpSpreadsheet...
Design/Logic Flaw
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
CVE-2018-19277
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
CVE-2013-2031
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...
CVE-2011-4940
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
Cross site scripting
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Fo...
Cross site scripting
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting XSS...