CVE-2013-1710

CVE-2013-1710 affects Mozilla Firefox and related Mozilla-based products via a flaw in Certificate Request Message Format (CRMF) request generation that could allow remote JavaScript execution or cross-site scripting. Specifically, vulnerable components include Firefox before 23.0, Firefox ESR 17...

CVE-2013-1710

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...

WordPress Comment Extra Fields 1.7 CSRF / XSS

Description : Wordpress Plugins - Comment Extra Fields XSRF/XSS Injection : http://site/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName=";catcheif!self.aself.a=!alert'XSS';//...

CVE-2013-3299

RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service resource consumption or application crash via an HTML document containing JavaScript code that constructs a long string...

CVE-2013-1688

The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site...

Cross site scripting

The System Only Wrapper SOW and Chrome Object Wrapper COW implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute...

Design/Logic Flaw

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...

CVE-2013-1697

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...

CVE-2013-1687

The System Only Wrapper SOW and Chrome Object Wrapper COW implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute...

CVE-2013-1697

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...

CVE-2013-1688

The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site...

PayPal.com Cross Site Scripting

Hello all! I'm Robert Kugler a 17 years old German student who's interested in securing computer systems. I would like to warn you that PayPal.com is vulnerable to a Cross-Site Scripting vulnerability! PayPal Inc. is running a bug bounty program for professional security researchers...

SWFUpload CSRF / XSS / Object Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

CVE-2013-0795

The System Only Wrapper SOW implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote...

CVE-2013-0795

The System Only Wrapper SOW implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote...

CVE-2013-2632

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game...

CVE-2013-2632

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game...

CVE-2013-2632

Removed by vendor...

CVE-2013-2632

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game...

Ruby on Rails Patches DoS, XSS Vulnerabilities

The developers of Ruby on Rails, the popular web app framework, released four new versions of the product yesterday, complete with fixes for a series of vulnerabilities that could have lead to denial of service attacks and XSS injections. Four vulnerabilities in total are addressed in versions...