79 matches found
Clock Live Wallpaper - External URLs, Suspicious files, WebView JavaScript enabled vulnerabilities
HackApp vulnerability scanner discovered that application Clock Live Wallpaper published at the 'play' market has multiple vulnerabilities...
MHP RIESEN - External URLs, Suspicious files, WebView JavaScript enabled vulnerabilities
HackApp vulnerability scanner discovered that application MHP RIESEN published at the 'play' market has multiple vulnerabilities...
FaceTube - External URLs, Unsafe deleting, WebView JavaScript enabled vulnerabilities
HackApp vulnerability scanner discovered that application FaceTube published at the 'play' market has multiple vulnerabilities...
Stars Watch Face - Suspicious files, Unsafe deleting, WebView JavaScript enabled vulnerabilities
HackApp vulnerability scanner discovered that application Stars Watch Face published at the 'play' market has multiple vulnerabilities...
SUSE-SU-2015:1449-1 Security update for MozillaFirefox, mozilla-nss
Mozilla Firefox is being updated to the current Firefox 38ESR branch specifically the 38.2.0ESR release. Security issues fixed: - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety...
Firefox toString console.time Privileged Javascript Injection
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include...
Firefox toString console.time Privileged Javascript Injection
This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges. This module requires Metasploit: https://metasploit.com/download Current source:...
Google, FireEye Demand Change from Vulna Ad Network
An Android ad library containing a maliciously potent cocktail of features and vulnerabilities is less of a danger to Android users today after Google and the ad network made a series of changes spurred by security firm FireEye’s insistence. Despite fixes from the ad network, updates implemented ...
Mandriva Update for firefox MDVSA-2010:251 (firefox)
Check for the Version of firefox OpenVAS Vulnerability Test Mandriva Update for firefox MDVSA-2010:251 firefox Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
openSUSE 10 Security Update : seamonkey (seamonkey-1952)
This security update brings Mozilla SeaMonkey to version 1.0.4. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - CVE-2006-3801/MFSA 2006-44: Code execution through deleted frame reference...
EUVD-2007-3719
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption...
CVE-2006-6498
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service memory corruption an...
CVE-2005-1592
Multiple "javascript vulnerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...
CVE-2005-1592
CVE-2005-1592 affects BirdBlog versions before 1.3.1, where multiple javascript vulnerabilities in BBCode allow remote attackers to inject arbitrary JavaScript. The issue is documented across multiple feeds (NVD/Red Hat/CVE) with the same description. No exploit details are provided in the connec...
Anthill login and JavaScript vulnerabilities
Anthill login and JavaScript vulnerabilities PROGRAM: Anthill VENDOR: Vincent Danen [email protected] HOMEPAGE: http://anthill.vmlinuz.ca/ VULNERABLE VERSIONS: all TYPE: remote SEVERITY: high DESCRIPTION: "Anthill is a bug tracking database system written in PHP. It provides the standard bu...
Holes in Ultimate Bulletin Board (javascript, cookie)
JavaScript can be inserted into the IMG tag; in addition, the user's password is not verified when the cookie is checked...
Re: Several javascript vulnerabilities in Opera
Dear bugtraq, I mailed Opera one week ago about a similar javascript vulnerability in Opera. I was still waiting for any response from Opera when I saw Guninski's bugtraq post. One thing that wasn't mentioned and might not be obvious is that the vulnerability can also be used to list files on the...
Several javascript vulnerabilities in Opera
Georgi Guninski security advisory 51, 2001 Several javascript vulnerabilities in Opera Systems affected: Opera 5.12/Windows, Opera 5.0/Linux - probably other versions Risk: Medium Date: 15 November 2001 Legal Notice: This Advisory is Copyright (c) 2001 Georgi Guninski. You may distribute it...
ie5.javascript.redirect.txt
IE 5.0 allows reading local and from any domain files and window spoofing using HTTP redirection to "javascript:" Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is n...