1575 matches found
CVE-2018-5167
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...
Code injection
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...
CVE-2018-5167
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...
CVE-2018-5167
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...
CVE-2018-5167
The CVE-2018-5167 issue affects Mozilla Firefox prior to version 60, where the web console and JavaScript debugger fail to sanitize all hyperlink-output. This can cause chrome: and javascript: links to render as active hyperlinks, enabling potential user interaction with internal pages via malici...
chromium-browser: Restrictions bypass in the debugger extension API
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...
chromium-browser: Restrictions bypass in the debugger extension API
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...
Google Chrome Restriction Bypass Vulnerability (CNVD-2018-12604)
Google Chrome is a web browser developed by Google Google. debugger extension API is one of the debugger extension API. A security vulnerability exists in the debugger extension API in Google Chrome versions prior to 67.0.3396.62. A remote attacker can exploit this vulnerability with the help of ...
Google Chrome Restriction Bypass Vulnerability (CNVD-2018-11508)
Google Chrome is a web browser developed by Google Google. debugger extension API is one of the debugger extension API. A security vulnerability exists in the debugger extension API in Google Chrome versions prior to 67.0.3396.62. A remote attacker can exploit this vulnerability with the help of ...
CVE-2018-6140
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 34 security fixes in this release, including: 835639 High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22 840320 High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07 818592 High...
PT-2018-11027 · Node.Js +2 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 6.15.0 Description: The issue allows remote computers to attach to the debug port and evaluate arbitrary JavaScript when the debugger is enabled with node --debug or node debug, as it listens on all interfaces by...
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
UBUNTU-CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
Remote code execution
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
[SECURITY] Fedora 26 Update: seamonkey-2.49.3-1.fc26
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
UBUNTU-CVE-2018-5167
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...
Zend Server Zend Debugger Cross-Site Scripting Vulnerability
Zend Server is a PHP Web development application server from Zend Technologies , which simplifies the development and running of PHP applications in Windows and Linux environments.Zend Debugger is one of the debugging tools. A cross-site scripting vulnerability exists in Zend Debugger in versions...