13 matches found
EUVD-2008-1218
Malware in sbrugna...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: CVE-2025-24201: Fixed an out-of-bounds write vulnerability caused by the WebGL context primitive restart being togglable from the WebContent process (bsc#1239547). Patch Instructions: To install this SUSE update use the SUSE recommended installation...
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer. [Figure: A graph representation of the sandbox escape NSExpression payload.] In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The...
CVE-2022-32922
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution...
Arbitrary Code Execution
webkitgtk4 is vulnerable to arbitrary code execution. The vulnerability exists as parsing web content can cause memory corruption...
CentOS Update for thunderbird CESA-2017:0238 centos7
Check the version of thunderbird. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882650");...
Authorization
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/casenter.jsp, (2)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to...
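IBM WebSphere MQ Telemetry Security Bypass Vulnerability
Bugtraq ID: 65897. CVE ID: CVE-2013-4054. IBM WebSphere MQ Telemetry extends the universal messaging backbone provided by WebSphere MQ to a wide range of remote sensors, actuators and telemetry devices. IBM WebSphere MQ Telemetry does not properly filter user-submitted URL requests, which allows remote attackers to exploit the vulnerability to bypass restrictions and access file contents outside the WebContent directory. IBM WebSphere MQ Telemetry 7.5. Vendor patch: IBM. IBM WebSphere MQ Telemetry 7.5.0.3 fixes this vulnerability; users are advised to download the update:...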
[email protected] WebContent CMS Multiple SQL Injection Vulnerability
Exploit for php platform in category web applications. email protected WebContent CMS Multiple SQL Injection Vulnerability...
CVE-2008-1209
Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1209
CVE-2008-1209 documents a cross-site scripting (XSS) vulnerability in redirect.do within Xitex WebContent M1. The issue arises from the sid parameter, enabling remote attackers to inject arbitrary web script or HTML. This is the stated impact and vector as described in the CVE records; exploitat...