230 matches found
jQuery Official Blog Hacked — Stay Calm, Library is Safe!
The official blog of jQuery—most popular JavaScript library used by millions of websites—has been hacked by some unknown hackers, using the pseudonym "str0ng" and "n3tr1x." jQuery's blog website (blog.jquery.com) runs on WordPress—the world's most popular content management system (CMS) used by...
Anonymous SQL Execution in Oracle Advanced Support
A little over a year ago I was performing a penetration test on a client's external environment. One crucial step in any external penetration test is mapping out accessible web servers. The combination of nmap with EyeWitness makes this step rather quick as we can perform port scanning for web...
'HoeflerText' Popups Target Browsers With RAT and Locky Ransomware
A malware campaign utilizing bogus popups that alert users to a missing web-font is targeting Google Chrome and Firefox browser users. The popups contain a malicious JavaScript file that initiates the download of either the NetSupport Manager remote access tool (RAT) or Locky ransomware. The...
Session Hijacking, Cookie-Stealing WordPress Malware Spotted
Researchers have identified a strain of cookie-stealing malware, injected into a legitimate JavaScript file, that masquerades as a WordPress core domain. Cesar Anjos, a security analyst at Sucuri, a firm that specializes in WordPress security, came across the malware during an incident response...
Artifex Software MuJS Integer Overflow Vulnerability (CNVD-2017-01667)
Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, designed to be embedded in other software to provide script execution capabilities. A security vulnerability exists in versions of Artifex Software MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a...
CVE-2016-9642
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file...
CVE-2016-9642
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file...
CVE-2016-9642
CVE-2016-9642 affects WebKit's JavaScriptCore in WebKitGTK+ (versions before 2.16.0) and WebKit/WebKitGTK+ deployments. The root cause is an out-of-bounds heap read triggered by a crafted Javascript file, leading to a denial of service. Public advisories (e.g., ASA-201704-9 for Ar...
CVE-2016-9642
Removed by vendor...
UBUNTU-CVE-2016-9642
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file...
CVE-2016-9642
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file...
CVE-2017-5628
An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file...
CVE-2017-5627
An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsRsetproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the jspushstring function in jsrun.c when parsing a specially crafted JS...
CVE-2016-9017
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsCdumpfunction function in the jsdump.c...
SUSE SLED12 / SLES12 Security Update : ctags (SUSE-SU-2016:2097-1)
This update for ctags fixes the following issues: - CVE-2014-7204: Potential denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. (bsc#899486) - Missing Requires(post) on coreutils as it is using rm(1). (bsc#976920) Note that Tenable Network Security has extracted th...
MediaWiki cross-site scripting vulnerability (CNVD-2015-02415)
MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a custom JavaScript file...
DEBIAN-CVE-2015-2938
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
CVE-2015-2938
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
CVE-2015-2938
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
Cross site scripting
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...