4727 matches found
Fortinet FortiOS Denial Of Service / Man-In-The-Middle
, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Fortinet FortiOS Multiple Vulnerabilities Affected Versions: Verified on FortiOS Firmware v5.0,build4457 GA Patch 7 PDF:...
CVE-2014-9648
components/navigationinterception/interceptnavigationresourcethrottle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service loss of browser...
itBit Exchange: Stored xss in bank name withdraw
Open https://beta.itbit.com/accounts 2. Add new Bank Account with payload in name field - Bank of New York'"asdF 3. Save this account and 4. Select it as a target to withdraw As you can see in screenshot at this time there is some problem with javascript code some filtration affected but we...
CVE-2014-9648
components/navigationinterception/interceptnavigationresourcethrottle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service loss of browser...
CVE-2014-9648
Removed by vendor...
Memory corruption
The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified oth...
Memory corruption
hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy...
Design/Logic Flaw
Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper...
Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication
A critical cross-site scripting XSS vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the domain. The Google Apps admin console allows administrators to manage their organization’s account...
CVE-2014-7927
The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified oth...
CVE-2014-7930
Removed by vendor...
CVE-2014-7927
Removed by vendor...
CVE-2014-7928
CVE-2014-7928 affects Google Chrome before 40.0.2214.91 via Google V8’s hydrogen.cc handling of arrays with holes, enabling remote memory corruption and possible DoS or other impact through crafted JavaScript. Connected sources (Nessus/OS advisories) confirm this as a memory corruption vulnerabil...
CVE-2014-7928
hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy...
CVE-2014-7927
The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified oth...
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...
CVE-2014-8636
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...
Design/Logic Flaw
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...
CVE-2014-8636
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...
CVE-2014-8636
CVE-2014-8636 affects Mozilla Firefox and SeaMonkey through an information flow bug in the XrayWrapper. The issue arises when interacting with a DOM object that has a named getter, allowing a remote attacker to cause arbitrary JavaScript execution with chrome privileges via unspecified vectors. A...