[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 80824 Download | Alert*

Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability.

A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress.

The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a code injection attack into a browser consuming sanitized output.

Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML sanitization bypass vulnerability when using the "relaxed" or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly even if math and svg are not in the allowlist.

Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input ...

Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input ...

Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input ...

Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input ...

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: This attack does ...

ruby-sanitize: allowlist-based HTML and CSS sanitizer Sanitize could be made to perform XSS attacks if it received specially crafted input.


Pages:      Start    7961    7962    7963    7964    7965    7966    7967    7968    7969    7970    7971    7972    7973    7974    ..   8082

© SecPod Technologies