4727 matches found
TP-Link Cross Site Request Forgery Vulnerability
This write up goes into detail about how real world cross site request forgery attacks can be used to hijack DNS on TP-Link routers. I. Introduction Today the majority of wired Internet connections is used with an embedded NAT router, which allows using the same Internet connection with several...
Code injection
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object...
CVE-2013-5598
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object...
CVE-2013-5598
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object...
CVE-2013-5703
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js...
Code injection
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js...
CVE-2013-5703
CVE-2013-5703 affects the DrayTek Vigor 2700 router (notably v2.8.3) where a crafted SSID value is mishandled when inserted into the sWlessSurvey list in variables.js. This enables remote attackers to execute arbitrary JavaScript in the router’s web administration context and to modify settings o...
New Phishing attack targets Italian Postal and Financial service again
A phishing attack is a complex combination of technology and psychology. There are numerous ways in which people are being made fools and they can be conned by hitting on unsecured website links. Sophos experts detected this week an intriguing case of phishing against the Italian postal service...
New Phishing attack targets Italian Postal and Financial service again
A phishing attack is a complex combination of technology and psychology. There are numerous ways in which people are being made fools and they can be conned by hitting on unsecured website links. Sophos experts detected this week an intriguing case of phishing against the Italian postal service...
ASLR bypass techniques are popular with APT attacks
Address space layout randomization ASLR is a security technique involved in protection from buffer overflow attacks. Many recent APT Advanced Persistent Threat attacks have utilized many different ASLR bypass techniques during the past year, according to Researchers at FireEye. Many exploits and...
ASLR bypass techniques are popular with APT attacks
Address space layout randomization ASLR is a security technique involved in protection from buffer overflow attacks. Many recent APT Advanced Persistent Threat attacks have utilized many different ASLR bypass techniques during the past year, according to Researchers at FireEye. Many exploits and...
Memory corruption
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted JavaScript code that uses the onpropertychange event handler, as exploit...
CVE-2013-3897
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted JavaScript code that uses the onpropertychange event handler, as exploit...
CVE-2013-2922
Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element...
CVE-2013-2922
CVE-2013-2922 describes a use-after-free in Blink’s template element implementation (core/html/HTMLTemplateElement.cpp) used by Chrome up to 30.0.1599.66. Exploitation would require crafted JavaScript operating on a TEMPLATE element and could cause a denial of service or other impact as described...
Android's Firefox app Vulnerability allows hacker to steal files from SD card
Mobile Browsers are complicated applications and locking them down against threats is extremely difficult. According to a Mobile Security Researcher, Sebastián Guerrero from 'viaForensics', Android's Firefox browser app is vulnerable to Hackers. He responsibly disclosed the details to Mozilla, th...
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/62782/info SilverStripe is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in th...
CVE-2013-3609
The web interface in the Intelligent Platform Management Interface IPMI implementation on Supermicro H8DC, H8DG, H8SCM-F, H8SGL-F, H8SM, X7SP, X8DT, X8SI, X9DAX-, X9DB, X9DR, X9QR, X9SBAA-F, X9SC, X9SPU-F, and X9SR devices relies on JavaScript code on the client for authorization checks, which...
CVE-2013-1710
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...
Cross site scripting
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...