4729 matches found
When a 'Hacker News' Reader Tricked Me into visiting this Amazing Site (Don't Click at Work)
My usual bed routine is to check comments under my articles before I go to sleep. The same I was doing last night, but something weird happened to me. Someone posted a mysterious short link without any text below one of my articles on our official 'The Hacker News' Facebook Page, and with the...
Code injection
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...
CVE-2015-5825
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...
CVE-2015-5825
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...
Vimeo: XSS on vimeo.com | "Search within these results" feature (requires user interaction)
Description When you search in pages such as the videos of some Category or the videos of some User, and you receive more than 0 results, the path of the URL is put in the attribute data-start-page of a element without escaping. This allows to insert another attribute like onmouseover to execute...
CVE-2015-1300
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
CVE-2015-1300
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
CVE-2015-1291
Removed by vendor...
CVE-2015-1300
Removed by vendor...
CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...
CVE-2015-1300
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
IP.Board 4.X - Stored XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: IP.Board 4.X Stored XSS Date: 27-08-2015 Software Link: https://www.invisionpower.com/ Exploit Author: snop. Contact: http://twitter.com/rabbitzorg Website: http://rabbitz.org Category: webapps 1. Description A registered or...
ModX Revolution 2.3.5-pl Cross Site Scripting Vulnerability
ModX Revolution version 2.3.5-pl suffers from a reflective cross site scripting vulnerability. ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability Security Advisory – Curesec Research Team 1. Introduction Affected Product: ModX Revolution 2.3.5-pl Fixed in: not fixed Fixed...
Analysis of the latest firefox 0day attack-vulnerability warning-the black bar safety net
! /Article/UploadPic/2015-8/2015813114114594.jpg The Mozilla Foundation in the 8 May 6, as Firefox released a security update to fix the Firefox embedded PDF reader pdf. js in the cve-2 0 1 5-4 4 9 5 vulnerability. The vulnerability allows an attacker to bypass the same origin policy,in the local...
CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...
Design/Logic Flaw
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...
CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...
CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...
CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...
Xceedium Xsuite - Multiple Vulnerabilities
Xceedium Xsuite - Multiple Vulnerabilities See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt --------------------------------------------------------------------- modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02...