4727 matches found
Design/Logic Flaw
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
CVE-2015-0818
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
Et-Chat 3.0.6 Cross Site Scripting
Exploit Title: Et-Chat 3.0.6 Cross Site Scripting Vulnerability Google Dork: "ET-Chat v3.0.6" Date: 2015-03-20 Exploit Author: IranHack Security Team Tested on: Windows 7 Vendor : Www.Et-chat.Ir Our Website : Www.IranHack.Org Vulnerable code : Location :...
CVE-2015-1230
The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript cod...
CVE-2015-1230
CVE-2015-1230 concerns Google Chrome/Blink. The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h conflicts with the AudioContext class, enabling a remote attacker to trigger type confusion via JavaScript when an AudioContext listener is added, potentially causing a denial of s...
CVE-2015-1230
Removed by vendor...
CVE-2015-0828
Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...
CVE-2015-0821
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions...
Double free
Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...
CVE-2015-0828
Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...
CVE-2015-0828
Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...
CVE-2015-0821
Mozilla Firefox before 36.0 is affected by CVE-2015-0821. The vulnerability allows a user-assisted remote attacker to read arbitrary files or execute arbitrary JavaScript with chrome privileges via a crafted web site that is opened with unspecified mouse/keyboard actions. The issue stems from mem...
CVE-2015-0821
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions...
CVE-2015-0821
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions...
Cosmoshop - XSS on Admin-Login Mask
author: l0om page: l0om.org date: 14.02.2015 Cosmoshop is a simple webshop designed for the german market. There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi This page wi...
Design/Logic Flaw
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote...
CVE-2015-1209
Removed by vendor...
CVE-2015-1209
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote...
FreeBSD : rabbitmq -- Security issues in management plugin (8469d41c-a960-11e4-b18e-bcaec55be5e5)
The RabbitMQ project reports : Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI : - When a user unqueued a message from the management UI, message details header names, arguments, etc. were displayed unescaped. An attacker coul...
WordPress Geo Mashup 1.8.2 Cross Site Scripting
Vulnerability title: Wordpress Geo Mashup plugin XSS Author: Paolo Perego CVE: CVE-2015-1383 Affected versions: = 1.8.2 Fixed version: 1.8.3 January, 11 2015 Product link: https://wordpress.org/plugins/geo-mashup/ Description Geo Mashup is a wordpress plugin designed to let you save location...