Lucene search

4739 matches found

Cvelist
added 2016/03/29 10:0 a.m. (22 views)

CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...

8.8 AI score, 0.66909 EPSS
Exploits: 1, References: 11

CVE
added 2016/03/29 10:0 a.m. (84 views)

CVE-2016-1648

Google Chrome vulnerability CVE-2016-1648 is a use-after-free in the Extensions implementation (renderer/loadtimes_extension_bindings.cc GetLoadTimes) that could allow remote disruption via crafted JavaScript. Affected product: Chrome before 49.0.2623.108; remediation: update to 49.0.2623.108 or ...

9.3 CVSS, 8.7 AI score, 0.01948 EPSS
Exploits: 0, References: 10, Affected Software: 1

ATTACKERKB
added 2016/03/29 12:0 a.m. (28 views)

CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...

9.3 CVSS, 6.1 AI score, 0.66909 EPSS
In wild, Exploits: 1, References: 13

OSV
added 2016/03/29 12:0 a.m. (0 views)

UBUNTU-CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...

8.8 CVSS, 7.4 AI score, 0.66909 EPSS
Exploits: 1, References: 5

FireEye
added 2016/03/25 8:0 a.m. (36 views)

Surge in Spam Campaign Delivering Locky Ransomware Downloaders

FireEye Labs is detecting a significant spike in Locky ransomware downloaders due to a pair of concurrent email spam campaigns impacting users in over 50 countries. Some of the top affected countries are depicted in Figure 1. Figure 1. Affected countries As seen in Figure 2, the steep spike start...

0.3 AI score
Exploits: 0

Hacker One
added 2016/03/17 7:0 a.m. (12 views)

Gratipay: auto-logout after 20 minutes

Hi, Session is not getting expired even after keeping the application idle for 20 min and after browser closure. Information: JavaScript code can be used by the web application in all or critical pages to automatically logout client sessions after the idle timeout expires, for example, by...

7.1 AI score
Exploits: 0

0day.today
added 2016/03/09 12:0 a.m. (35 views)

WordPress SiteMile Project 2.0.9.5 Theme - Multiple Vulnerabilities

Exploit for php platform in category web applications Wordpress ProjectTheme Multiple Vulnerabilities - - ------------------------------------------------------------ Affected Version ================ Project Theme: 2.0.9.5 Problem Overview ================ Technical Risk: high Likelihood of...

7.1 AI score
Exploits: 0

Prion
added 2016/03/06 2:59 a.m. (26 views)

Design/Logic Flaw

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8helpers.h and gin/converter.h...

6.8 CVSS, 6.7 AI score, 0.01206 EPSS
Exploits: 0, References: 11, Affected Software: 1

Debian CVE
added 2016/03/06 2:0 a.m. (24 views)

CVE-2016-1632

Removed by vendor...

8.8 CVSS, 9.3 AI score, 0.01206 EPSS
Exploits: 0

Cvelist
added 2016/03/06 2:0 a.m. (25 views)

CVE-2016-1632

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8helpers.h and gin/converter.h...

8.9 AI score, 0.01206 EPSS
Exploits: 0, References: 11

UbuntuCve
added 2016/03/05 12:0 a.m. (21 views)

CVE-2016-2844

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other...

9.3 CVSS, 7.2 AI score, 0.01985 EPSS
Exploits: 0, References: 6

NVD
added 2016/02/21 5:59 a.m. (12 views)

CVE-2016-2275

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code...

10 CVSS, 9.6 AI score, 0.00338 EPSS
Exploits: 0, References: 1

Prion
added 2016/02/21 5:59 a.m. (17 views)

Improper access control

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code...

10 CVSS, 7.5 AI score, 0.00338 EPSS
Exploits: 0, References: 1, Affected Software: 2

CVE
added 2016/02/21 2:0 a.m. (40 views)

CVE-2016-2275

CVE-2016-2275 affects Advantech/B+B SmartWorx VESP211-EU (firmware 1.7.2) and VESP211-232 (firmware 1.5.1 and 1.7.2). The web interface relies on client-side authentication, permitting remote attackers to perform administrative actions by modifying JavaScript. Exposure is via network-accessible w...

10 CVSS, 9.4 AI score, 0.00338 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2016/02/21 2:0 a.m. (17 views)

CVE-2016-2275

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code...

9.6 AI score, 0.00338 EPSS
Exploits: 0, References: 1

Packet Storm
added 2016/02/18 12:0 a.m. (26 views)

Vesta Control Panel 0.9.8-15 Cross Site Scripting

Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4. We log-in VestaCP via password we changed https:...

0.4 AI score
Exploits: 0

exploitpack
added 2016/02/18 12:0 a.m. (17 views)

Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting

Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4...

0.2 AI score
Exploits: 0

NVD
added 2016/02/14 2:59 a.m. (17 views)

CVE-2016-1622

The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

8.8 CVSS, 8.4 AI score, 0.01496 EPSS
Exploits: 0, References: 10

Check Point Advisories
added 2016/02/09 12:0 a.m. (5 views)

Microsoft Edge ASLR Bypass (MS16-011: CVE-2016-0080)

An ASLR bypass vulnerability exists in Microsoft Edge. A remote attacker could exploit this issue by convincing target users to view a web page containing malicious JavaScript code with an affected version of Microsoft Edge. Successful exploitation could allow an attacker to gain the same user...

4.3 CVSS, 3.1 AI score, 0.13138 EPSS
Exploits: 0

Prion
added 2016/01/25 11:59 a.m. (24 views)

Code injection

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...

6.8 CVSS, 7.3 AI score, 0.01029 EPSS
Exploits: 1, References: 13, Affected Software: 1