CVE-2014-0514

The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636...

Khan Academy: XSS at http://smarthistory.khanacademy.org

Hi, There is a SWF-based XSS : http://smarthistory.khanacademy.org/assets/flash/cozimo.swf?iceID=%22%29%29catch%28e%29alert%28%27XSS%27%29;// Opening the link would trigger JavaScript execution! Works in possibly any browser with Adobe Flash, i.e - Chrome, Firefox Thanks!...

Design/Logic Flaw

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service resource consumption and application hang via onbeforeunload events that trigger background JavaScript execution...

CVE-2014-1500

CVE-2014-1500 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue allows remote attackers to cause resource exhaustion and application hang via onbeforeunload events that trigger background JavaScript execution. Exploitation details are not provided in the available docum...

CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service resource consumption and application hang via onbeforeunload events that trigger background JavaScript execution...

Mozilla: Privilege escalation using WebIDL-implemented APIs (MFSA 2014-29)

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service resource consumption and application hang via onbeforeunload events that trigger background JavaScript execution...

DrinkedIn BarFinder application安全绕过任意Javascript代码执行漏洞

CVE ID:CVE-2014-1887 DrinkedIn BarFinder application是一款基于安卓的应用。 当使用Adobe PhoneGap 2.9.0或之前版本时DrinkedIn BarFinder application存在安全漏洞，允许远程攻击者控制类似freelifetimecheating.com和www.babesroulette.com之类的站点，来执行任意JavaScript代码，获取地理信息。 0 DrinkedIn BarFinder application for Android 目前没有详细解决方案提供：...

MGASA-2014-0114 Updated otrs package fixes security vulnerability

An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed CVE-2014-1695...

Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2119-1)

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker...

ownCloud 6.0.0a - Multiple Vulnerabilities

Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass Vendor Homepage: www.ownCloud.org OwnCloud Version: 6.0.0a Browsers tested: Iceweasel 22.0; Internet Explorer 11; Server: Debian. Default LAMP set-up. Exploit Author: James Sibley absane Blog: http://blog.noobroot.com...

Updated ganglia-web package fixes security vulnerability

XSS issue in ganglia-web makes it possible to execute JavaScript in victims' browser after tricking the victim into opening a specially crafted URL CVE-2013-6395...

MGASA-2013-0361 Updated ganglia-web package fixes security vulnerability

XSS issue in ganglia-web makes it possible to execute JavaScript in victims' browser after tricking the victim into opening a specially crafted URL CVE-2013-6395...

CVE-2013-5598

PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object...

Google Translate Open Redirection

Summary The issue being described below affects google translate and is not exactly an open redirect. However the results can be the same under certain conditions. The following issue can be used as an open redirect when: Potential victim must not block javascripts from being executed in his/her...

Good for Enterprise 2.2.2.1611 - XSS Vulnerability

Exploit for hardware platform in category web applications The vulnerable versions are v2.2.2.1611 and earlier Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version. Payload: alert'XSS Here'...

execution of javascript from filename

Steps to replicate: Add an attachment Rename the file to ".txt" Copy its remove link and open the link in a new browser window Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...

execution of javascript from filename

Steps to replicate: Add an attachment Rename the file to ".txt" Copy its remove link and open the link in a new browser window Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...

Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

CVE-2013-3647

The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because...