4727 matches found
WordPress Buddypress 1.9.1 Cross Site Scripting
Vulnerability: Wordpress plugin Buddypress = 1.9.1 stored xss Date: 13/02/2014 Author: Pietro Oliva Vendor Homepage: http://buddypress.org Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip Version: 1.9.1 CVE : CVE-2014-1888 Responsibly disclosed and patched in version 1.9....
Microsoft Internet Explorer Use-After-Free Vulnerability
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. Recent...
CVE-2014-0322
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. Recent...
CTERA 3.2.29.03.2.42.0 - Persistent Cross-Site Scripting
CTERA 3.2.29.03.2.42.0 - Persistent Cross-Site Scripting Exploit Title: CTERA Project Folders - Stored XSS Date: 11-Mar-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.ctera.com Version: 3.2.29.0 and 3.2.42.0 Tested on: ctera os CVE : CVE-2013-2639 OVERVIEW Standard Ctera User...
Android Browser / WebView addJavascriptInterface Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Android", :arch = ARCHARMLE, :javascript = true, :rank = ExcellentRanking, :vulntest = %Q| for i in top try...
i-doit Pro 1.2.4 Cross Site Scripting
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2014-1237 CSNC ID: CSNC-2014-002 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...
GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
Author Information Author : Ahmed Elhady Mohamed Website : http://1nfosec4all.blogspot.com/ twitter : @kingasmk facebook :https://www.facebook.com/groups/ITsec4all/ Software Information Affected Software : GetSimple CMS 3.2.3, 3.1.2 Software website : http://get-simple.info/ CVE Reference :...
YXcmsApp某处xss导致getshell
简要描述: xss到后台导致getshell一条龙服务不过略鸡肋。 详细说明: YXCMS是一款面向企业的内容管理系统,采用三级缓存,MVC架构以BSD协议开源。 注册了用户以后来到用户管理页面,点击信息发布 - 增加咨询,发现是一个富文本编辑器,kindeditor。不管是什么编辑器,既然给了一个用户这么大的权限,这种情况下很容易出现xss。 随便输入点什么东西,抓包,修改content字段内容,写你的xss代码,什么都行。 好了。管理员在后台就能看到我提交的文章: 然后编辑的话就能触发xss:...
Integer overflow
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JavaScript code...
CVE-2013-5619
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JavaScript code...
CVE-2013-6671
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements...
CVE-2013-5619
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JavaScript code...
LiveZilla 5.1.1.0 Cross Site Scripting
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...
osCmax e-Commerce 2.5.3 Cross Site Scripting / Shell Upload
Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail : submitat1337day.com 1 0 0 1 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Title : osCmax...
osCmax e-Commerce v2.5.3 (FU/ObjectInject) Multiple Vulnerabilities
osCmax e-Commerce v2.5.3 is suffer from multiple vulnerabilities remote attacker can upload file/shell via header attacks or exec a JavaScript Code & Inject a remote Object see also : CVE-2013-4144 Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...
Out-of-bounds
The DehoistArrayIndex function in hydrogen-dehoist.cc aka hydrogen.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via JavaScript code that sets the...
Out-of-bounds
The DehoistArrayIndex function in hydrogen-dehoist.cc aka hydrogen.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service out-of-bounds read via JavaScript code that sets a variable to the value of an array element with...
CVE-2013-6640
The DehoistArrayIndex function in hydrogen-dehoist.cc aka hydrogen.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service out-of-bounds read via JavaScript code that sets a variable to the value of an array element with...
CVE-2013-6640
The DehoistArrayIndex function in hydrogen-dehoist.cc aka hydrogen.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service out-of-bounds read via JavaScript code that sets a variable to the value of an array element with...
CVE-2013-6635
CVE-2013-6635 is a use-after-free in the editing code path of Chromium/Blink (as shipped in Google Chrome prior to 31.0.1650.63). The connected openSUSE advisories confirm this issue within the Chromium browser and show the fix as part of a Chromium 31.0.1650.63 stable update. Remediation per ope...