4727 matches found

Prion
added 2014/04/09 10:57 a.m. | 18 views

Design/Logic Flaw

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a...

7.5 CVSS | 7.6 AI score | 0.01726 EPSS
Exploits 1 | References 6 | Affected Software 1

UbuntuCve
added 2014/04/09 10:57 a.m. | 25 views

CVE-2014-1721

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a...

7.5 CVSS | 7.3 AI score | 0.01726 EPSS
Exploits 1 | References 4

Cvelist
added 2014/04/09 10:0 a.m. | 22 views

CVE-2014-1717

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code...

6.8 AI score | 0.01102 EPSS
Exploits 0 | References 6

Debian CVE
added 2014/04/09 10:0 a.m. | 18 views

CVE-2014-1717

Removed by vendor...

7.5 CVSS | 9.4 AI score | 0.01102 EPSS
Exploits 0

Packet Storm
added 2014/04/09 12:0 a.m. | 24 views

Sagem Fast 3304-V2 Authentication Bypass

Title: Sagem F@st 3304-V2 Authentification Bypass | Vendor: http://www.sagemcom.com | Severity: High | Tested on: Firefox, Google Chrome, Internet Explorer | Tested Router: Sagem F@st 3304-V2 (3304, 3464, 3504 may also be affected) | Date: 2014-09-04 | Author: Yassine Aboukir | Contact: [email protected]...

0.4 AI score
Exploits 0

ThreatPost
added 2014/03/28 12:27 p.m. | 11 views

Apple ID Phishing Scam Steals Credentials, Credit Cards

A new email phishing scam is making use of a realistic-looking Apple login page in order to pilfer Apple ID usernames and passwords before moving on to steal user credit card information. According to SANS Internet Storm Center forums member, Craig Cox, this phishing scam is particularly...

6.4 AI score
Exploits 0 | References 4

UbuntuCve
added 2014/03/18 12:0 a.m. | 35 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8 CVSS | 7.2 AI score | 0.71088 EPSS
Exploits 5 | References 4

Tenable Nessus
added 2014/03/14 12:0 a.m. | 37 views

Mandriva Linux Security Advisory : otrs (MDVSA-2014:054)

Updated otrs package fixes security vulnerability: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed (CVE-2014-1695)...

4.3 CVSS | 7.2 AI score | 0.03629 EPSS
Exploits 5 | References 2

seebug.org
added 2014/03/07 12:0 a.m. | 16 views

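The ForzeArmate application security bypass arbitrary JavaScript code execution vulnerability

CVE ID: CVE-2014-1885. The ForzeArmate application is an Android-based application. When Adobe PhoneGap 2.9.0 or earlier is used, The ForzeArmate application has a security vulnerability that allows remote attackers who control any Google syndication advertising domain to execute arbitrary JavaScript code and access external-storage resources. 0 The ForzeArmate application for Android. No detailed solution is currently available:...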

6.4 CVSS | 0.1 AI score | 0.00703 EPSS
Exploits 1

NVD
added 2014/03/03 4:50 a.m. | 9 views

CVE-2014-1885

The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain...

6.4 CVSS | 7.4 AI score | 0.00703 EPSS
Exploits 1 | References 3

NVD
added 2014/03/03 4:50 a.m. | 5 views

CVE-2014-1887

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...

4.3 CVSS | 7.2 AI score | 0.00455 EPSS
Exploits 2 | References 3

UbuntuCve
added 2014/03/03 4:50 a.m. | 10 views

CVE-2014-1887

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...

4.3 CVSS | 6.1 AI score | 0.00455 EPSS
Exploits 2 | References 2

Prion
added 2014/03/03 4:50 a.m. | 18 views

Design/Logic Flaw

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

6.8 CVSS | 7.6 AI score | 0.76381 EPSS
Exploits 12 | References 8 | Affected Software 1

CVE
added 2014/03/03 2:0 a.m. | 38 views

CVE-2014-1887

The CVE concerns the DrinkedIn BarFinder Android app when used with Adobe PhoneGap 2.9.0 or earlier. The underlying issue allows a remote attacker to execute arbitrary JavaScript by exploiting control over certain adult sites (e.g., freelifetimecheating.com and www.babesroulette.com), which in tu...

4.3 CVSS | 7.5 AI score | 0.00455 EPSS
Exploits 2 | References 3 | Affected Software 1

Cvelist
added 2014/03/03 2:0 a.m. | 21 views

CVE-2012-6636

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

8.8 AI score | 0.76338 EPSS
Exploits 8 | References 8

Cvelist
added 2014/03/03 2:0 a.m. | 14 views

CVE-2014-1887

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...

7.2 AI score | 0.00455 EPSS
Exploits 2 | References 3

CVE
added 2014/03/03 2:0 a.m. | 107 views

CVE-2012-6636

CVE-2012-6636 corresponds to an Android WebView issue where WebView.addJavascriptInterface is not properly restricted, allowing crafted JavaScript to invoke Java object methods via Reflection and potentially achieve remote code execution on apps targeting API level 16 or earlier. Connected docs s...

6.8 CVSS | 7.5 AI score | 0.76338 EPSS
Exploits 8 | References 8 | Affected Software 1

Cvelist
added 2014/03/03 2:0 a.m. | 13 views

CVE-2014-1886

The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."...

7.3 AI score | 0.00669 EPSS
Exploits 2 | References 3

FreeBSD
added 2014/02/25 12:0 a.m. | 28 views

otrs -- XSS Issue

The OTRS Project reports: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed...

4.3 CVSS | 8.5 AI score | 0.03629 EPSS
Exploits 5 | References 1

UbuntuCve
added 2014/02/24 4:48 a.m. | 25 views

CVE-2013-6658

Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the...

7.5 CVSS | 7.5 AI score | 0.01485 EPSS
Exploits 1 | References 4