103 matches found
CVE-2018-20061
A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
CVE-2017-5384
CVE-2017-5384 : Information disclosure via Proxy Auto-Config (PAC) in Firefox
CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...
CVE-2017-6927
Removed by vendor...
Drupal Core Multiple Vulnerabilities (SA-CORE-2018-001) - Linux
Drupal is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Microsoft Edge Chakra JIT NewScObjectNoCtor Array Type Confusion
Microsoft Edge: Chakra: JIT: Array type confusion via NewScObjectNoCtor CVE-2018-0838 This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a consturctor, it sets the new object's "proto" to its "prototype". The JIT compiler uses...
Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion Exploit
Exploit for windows platform in category dos / poc / This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a consturctor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructions to perform it...
Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined Jav
Exploit for windows platform in category dos / poc / 1. Call patterns like "Math.max.applyMath, 1, 2, 3, 4, 5" and "Math.max.applyMath, arr" can be optimized to directly call the method "JavascriptMath::MaxInAnArray" in the Inline Phase. 2. The method takes the original method "Math.max" as the...
Microsoft Edge Chakra JIT - Inline::InlineCallApplyTarget_Shared does not Return the return Instruction
Microsoft Edge Chakra JIT - Inline::InlineCallApplyTargetShared does not Return the return Instruction / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1366 Here's a snippet of Inline::Optimize. FOREACHINSTREDITINGinstr, instrNext, func-mheadInstr switch instr-mopcode case...
Microsoft Edge Chakra JIT Inline::InlineCallApplyTarget_Shared Failed Return Exploit
Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: Inline::InlineCallApplyTargetShared doesn't return the return instruction CVE-2017-11841 Here's a snippet of Inline::Optimize. FOREACHINSTREDITINGinstr, instrNext, func-mheadInstr switch instr-mopcode case...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the save...
CVE-2017-10952
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the save...
Apple WebKit JSCallbackData UXSS
Apple Webkit: UXSS with JSCallbackData CVE-2017-2442 Here is the definition of |JSCallbackData| class. This class is used to call a javascript function from a DOM object. class JSCallbackDataStrong : public JSCallbackData public: JSCallbackDataStrongJSC::JSObject callback, void :...
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
globalObject-vm, callback JSC::JSObject callback return mcallback.get; JSDOMGlobalObject globalObject return JSC::jsCastmcallback-globalObject; JSC::JSValue invokeCallbackJSC::MarkedArgumentBuffer& args, CallbackType callbackType, JSC::PropertyName functionName, NakedPtr& returnedException return...
Apple Webkit: UXSS with JSCallbackData(CVE-2017-2442)
Here is the definition of |JSCallbackData| class. This class is used to call a javascript function from a DOM object. class JSCallbackDataStrong : public JSCallbackData public: JSCallbackDataStrongJSC::JSObject callback, void : mcallbackcallback-globalObject-vm, callback JSC::JSObject callback...
Node.js suffers from a deserialization remote code execution vulnerability
Node.js is a Javascript runtime. It is actually a wrapper around the Google V8 engine. In fact, it is the Google V8 engine package . Node.js is a platform based on the Chrome JavaScript runtime built for easy to build responsive , easy to extend the web application . A deserialization remote code...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...