4727 matches found
CVE-2015-5605
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of...
Flippy My Life Stories 2.0 XSS Vulnerability
Flippy My Life Stories 2.0 is a CMS for creating an everyday story website. Usage Info 1: Go to http://website.fr/register.html 2: In "nickname" type JavaScript code like alert2 3: Go to http://website.fr/userlogin.html and log in 4: Click on "My Stories", it will lead you to the vulnerable...
CVE-2015-1284
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly...
Novell GroupWise 2014 Cross Site Scripting
Advisory ID: SYSS-2015-021 Product: GroupWise Vendor: Novell Affected Versions: 2014 Tested Versions: 2014 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: High Solution Status: Fixed Vendor Notification: 2015-05-04 Solution Date:...
Mozilla Firefox Multiple Security Bypass Vulnerability (Jul 2015) - Mac OS X
Mozilla Firefox is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2015-2727
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...
CVE-2015-2727
CVE-2015-2727 affects Mozilla Firefox 38.0 and Firefox ESR 38.0. It enables a user-assisted remote attacker to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by visiting a crafted website; the issue is tied to a regression from CVE-2015-0821. Affected systems inc...
CVE-2015-2727
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...
CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability (XSS) Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...
Thycotic Secret Server 8.8.000004 Cross Site Scripting
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability (XSS) Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...
Cisco Application and Content Networking System URL Page Return Cross-Site Scripting Vulnerability
A vulnerability in Cisco Application and Content Networking System (ACNS) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of the URL of pages that are not accessible to the end user that could be return...
Google Chrome < 43.0.2357.65 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.65. It is, therefore, affected by multiple vulnerabilities as referenced in the 201505stable-channel-update19 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attacke...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-03354)
Blink is a browser layout engine developed by Google and Opera Software. Blink suffers from a same-origin policy bypass vulnerability that allows remote attackers to bypass the same-origin policy via carefully crafted JavaScript code...
CVE-2015-1260
Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
Server side request forgery (ssrf)
Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
CVE-2015-1260
Removed by vendor...
CVE-2015-1260
Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
Analysis of a WordPress JS backdoor - vulnerability warning - the black bar safety net
We recently found, on many WordPress sites, a backdoor that collects administrator login credentials. Concealed code is inserted into the compromised site; when an administrator logs in, the code is triggered and the administrator's login credentials are encrypted by the GET...
CVE-2015-3336
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing...
CVE-2015-3336
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing...