Xerosploit - Efficient And Advanced Man In The Middle Framework

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap...

ILIAS Cross-Site Scripting Vulnerability

ILIAS is a Web-based learning management system. It provides course management, email, instant messaging, forums, group collaboration, file sharing, writing tools, exam systems, personal desktops, and more. Provides contextual help system for learning and writing. Supports CAS, SOAP, RADIUS, LDAP...

WordPress Contact Form To Email Plugin <= 1.1.47 - Cross Site Scripting

Because of this vulnerability, attackers can inject malicious JavaScript code into the application. Solution Update the plugin...

CVE-2016-5129

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code...

CVE-2016-5127

Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...

Design/Logic Flaw

Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...

Memory corruption

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code...

CVE-2016-5127

CVE-2016-5127 is a use-after-free vulnerability in Blink’s editing path (WebKit/Blink) affecting Google Chrome prior to 52.0.2743.82. The issue arises in WebKit/Source/core/editing/VisibleUnits.cpp and can be triggered by crafted JavaScript using an @import at-rule in a CSS token sequence with re...

CVE-2016-5129

CVE-2016-5129 refers to a memory corruption vulnerability in Google V8 (the JavaScript engine) used by Google Chrome. According to the sources, V8 before 5.2.361.32 on Chrome before 52.0.2743.82 fails to properly process left-trimmed objects, which could be exploited by crafted JavaScript to caus...

CVE-2016-5129

Removed by vendor...

CVE-2016-5129

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code...

The vulnerability of the Firefox browser, which allows a malicious actor to execute arbitrary code

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger the...

CodoForum 3.4 - Persistent Cross-Site Scripting

Exploit Title: Codoforum v3.4 Stored Cross-Site Scripting Stored XSS Google Dork: intext:"powered by codoforum" Date: 01/06/2016 Exploit Author: Ahmed Sherif OffensiveBits Vendor Homepage: http://codologic.com/page/ Software Link: http://codoforum.com/index.php Version: V3.4 Tested on: Linux Mint...

CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...

CVE-2016-1688

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...

CVE-2016-1679

The ToV8Value function in content/child/v8valueconverterimpl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via...

CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...

CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...

Code injection

The ToV8Value function in content/child/v8valueconverterimpl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via...

Out-of-bounds

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...