Lucene search

4727 matches found

NVD
added 2014/05/21 11:14 a.m. | 15 views

CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted...

7.5 CVSS | 7 AI score | 0.0188 EPSS
Exploits: 0 | References: 10
Debian CVE
added 2014/05/21 10:0 a.m. | 27 views

CVE-2014-1743

Removed by vendor...

7.5 CVSS | 9.4 AI score | 0.0188 EPSS
Exploits: 0
Prion
added 2014/05/19 2:55 p.m. | 22 views

Cross site scripting

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an...

6.8 CVSS | 6.3 AI score | 0.00437 EPSS
Exploits: 3 | References: 1 | Affected Software: 1
CVE
added 2014/05/19 2:0 p.m. | 45 views

CVE-2013-7385

Technical details about this CVE are not publicly available in the provided Connected documents. Monitor for updates.

6.8 CVSS | 6 AI score | 0.00437 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
seebug.org
added 2014/05/15 12:0 a.m. | 15 views

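PHPYUN Cloud Talent System admin backend CSRF getshell

Brief description: The phpyun admin backend does not validate a token, so a shell can be obtained directly through CSRF. Detailed description: We start with getting a shell from the admin backend. The site's configuration file, /plus/config.php, uses double quotes around its key values, which causes a security problem. We can write PHP code inside the double quotes and have it executed. Modify the configuration file and submit: Then visit /plus/config.php: Notably, because the phpyun backend has no defence against CSRF, we can construct a form and lure the administrator into visiting it, which modifies the configuration file and results in getshell. See the proof of vulnerability for details. Proof of vulnerability:...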

7 AI score
Exploits: 0
securityvulns
added 2014/05/05 12:0 a.m. | 69 views

[ MDVSA-2014:054 ] otrs

Mandriva Linux Security Advisory MDVSA-2014:054 (http://www.mandriva.com/en/support/security/). Package: otrs. Date: March 13, 2014. Affected: Business Server 1.0. Problem Description: Updated otrs package fixes security vulnerability: An attacker could...

4.3 CVSS | 8.5 AI score | 0.03629 EPSS
Exploits: 5
securityvulns
added 2014/05/04 12:0 a.m. | 66 views

[SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7

Stored Cross Site Scripting in Ektron CMS 8.7. CVE reference: CVE-2014-2729. Affected platforms: Ektron Web Content Management System. Version: 8.7.0. Date: 2013-December-19. Security risk: Medium. CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N. Researcher: Joseph Zeng...

3.5 CVSS | 0.00179 EPSS
Exploits: 3
NVD
added 2014/04/30 10:49 a.m. | 15 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of...

9.8 CVSS | 9.8 AI score | 0.06412 EPSS
Exploits: 1 | References: 23
Prion
added 2014/04/30 10:49 a.m. | 22 views

Design/Logic Flaw

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

9.3 CVSS | 7.5 AI score | 0.01321 EPSS
Exploits: 1 | References: 23 | Affected Software: 16
CVE
added 2014/04/30 10:0 a.m. | 65 views

CVE-2014-1527

CVE-2014-1527 affects Mozilla Firefox for Android (Android builds, e.g., Firefox 28.x and earlier; NVD references Firefox before 29.0 on Android). The vulnerability allows remote attackers to spoof the address bar by crafting JavaScript that uses DOM events to prevent reappearance of the real add...

5 CVSS | 8.8 AI score | 0.00846 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Check Point Advisories
added 2014/04/30 12:0 a.m. | 1 views

Mozilla Firefox generateCRMFRequest Remote Code Execution (CVE-2012-3993; CVE-2013-1710)

A remote code execution vulnerability has been reported in Mozilla Firefox. The Chrome Object Wrapper (COW) implementation does not properly interact with failures of InstallTrigger methods. By exploiting this, a remote attacker could execute arbitrary JavaScript code with chrome privileges via a...

4.4 AI score | 0.8084 EPSS
Exploits: 13
UbuntuCve
added 2014/04/29 12:0 a.m. | 38 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of...

9.8 CVSS | 7.3 AI score | 0.06412 EPSS
Exploits: 1 | References: 4
UbuntuCve
added 2014/04/29 12:0 a.m. | 27 views

CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

9.3 CVSS | 7 AI score | 0.01321 EPSS
Exploits: 1 | References: 4
OSV
added 2014/04/24 7:11 p.m. | 6 views

MGASA-2014-0194 Updated otrs packages fix multiple vulnerabilities

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3 CVSS | 8.6 AI score | 0.00226 EPSS
Exploits: 2 | References: 6
Packet Storm
added 2014/04/16 12:0 a.m. | 34 views

Ektron CMS 8.7 Cross Site Scripting

Stored Cross Site Scripting in Ektron CMS 8.7. CVE reference: CVE-2014-2729. Affected platforms: Ektron Web Content Management System. Version: 8.7.0. Date: 2013-December-19. Security risk: Medium. CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N. Researcher: Joseph Zeng...

3.5 CVSS | 6.7 AI score | 0.00179 EPSS
Exploits: 3
NVD
added 2014/04/15 11:13 p.m. | 15 views

CVE-2014-2866

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code...

10 CVSS | 6.9 AI score | 0.01057 EPSS
Exploits: 0 | References: 1
Prion
added 2014/04/15 11:13 p.m. | 12 views

Code injection

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code...

10 CVSS | 7.4 AI score | 0.01057 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2014/04/09 10:57 a.m. | 10 views

CVE-2014-1717

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...

7.5 CVSS | 6.9 AI score | 0.01102 EPSS
Exploits: 0 | References: 6
Prion
added 2014/04/09 10:57 a.m. | 24 views

Out-of-bounds

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...

7.5 CVSS | 7.6 AI score | 0.01102 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
UbuntuCve
added 2014/04/09 10:57 a.m. | 23 views

CVE-2014-1717

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...

7.5 CVSS | 7.2 AI score | 0.01102 EPSS
Exploits: 0 | References: 4