Chrome Universal XSS via reentrancy in FrameLoader::startLoad (CVE-2016-1697)

VULNERABILITY DETAILS From /thirdparty/WebKit/Source/core/loader/FrameLoader.cpp: void FrameLoader::startLoad... ASSERTclient-hasWebView; if mframe-document-pageDismissalEventBeingDispatched != Document::NoDismissal return; ... mframe-document-cancelParsing;...

Chrome Universal XSS via same document navigations (CVE-2016-1711)

VULNERABILITY DETAILS FrameLoader::loadInSameDocument is vulnerable to a problem similar to the one described in issue 613266: void FrameLoader::loadInSameDocumentconst KURL& url, ... ... // If we have a provisional request for a different document, a fragment scroll should cancel it...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Qualcomm Android operating system’s loader is related to the lack of protection for service data. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the loader context. This issue is considered “high” because it represents a...

WordPress Simple Ads Manager 2.9.8.125 PHP Object Injection Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Yorick...

The vulnerability of the library that handles system calls and core functions, glibc, allows a attacker to execute arbitrary code.

The vulnerability of the elfgetdynamicinfo function in the elf/dynamic-link.h file of the ld.so library, which provides system calls and core functions, is related to integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely using a specially crafted EL...

The vulnerability of the Android operating system, which allows a hacker to gain access to data

The vulnerability in the initial loader of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a local attacker to access data beyond their authorized access level. This issue is considered “high” because it could be used to...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability in the initial loader of the Qualcomm Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code of a local malicious application within the kernel context. This issue is considered...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary commands

The vulnerability of the initial loader of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a local attacker to execute arbitrary commands on the device’s modem. This issue is considered “high” because it causes continuous service...

The vulnerability of the Android operating system, which allows a hacker to gain access to data

The vulnerability in the initial loader of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a local attacker to access data beyond their authorized access level. This issue is considered “high” because it could be used to...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability in the initial loader of the Qualcomm Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code of a local malicious application within the kernel context. This issue is considered...

USN-3186-1 iucode-tool vulnerability

It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute...

UBUNTU-CVE-2016-8694

The bmreadbodybmp function in bitmapio.c in potrace before 1.13 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696...

DEBIAN-CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

ALPINE-CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

UBUNTU-CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

UBUNTU-CVE-2017-0357

A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption...

Malware exploit: Smoke Loader

Type: SQLi http://localhost/control.php?id=1 http://localhost/guest.php?id=1 POST...

CVE-2016-8438

Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass Peripheral Image Loader PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR1023638...

codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports: Fixed an XSS vulnerability in Security Library method xssclean. Fixed a possible file inclusion vulnerability in Loader Library method vars. Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used thanks to Pa...