2677 matches found
Downloads Resources over HTTP
Overview: Affected versions of selenium-binaries insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
kernel: NULL dereference in RFCOMM bind callback
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket...
tinyshell - Python Client with PHP Shell
Python client with PHP shell; allows connecting and sending commands over current protocol using POST and GET requests. Features: 1. Connect with a direct session, with no need for a reverse connection. 2. Supports password protection. 3. Can be bound to any file with no damage. 4. Using GET/POST reque...
CVE-2016-5170
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified oth...
UBUNTU-CVE-2016-5170
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified oth...
UBUNTU-CVE-2016-5149
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
Google Chrome memory misreference vulnerability (CNVD-2016-07205)
Google Chrome is a web browser developed by the American company Google. A memory misreference vulnerability exists in event binding in Google Chrome versions prior to 53.0.2785.89. An attacker can exploit this vulnerability to execute arbitrary code in the browser context to bypass securi...
CVE-2016-5156
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free)...
HackerOne: Session hijacking attack
Hi, you have a session hijacking attack: https://www.owasp.org/index.php/Sessionhijackingattack Yes, you use HttpOnly cookie, but in older browsers bypass such restrictions exist, that does not prevent in theory find this in the future. As you update the site on a daily basis and it is possible to...
[SECURITY] Fedora 23 Update: kf5-kjsembed-5.24.0-1.fc23
KJSEmbed provides a method of binding JavaScript objects to QObjects, so you can script your applications...
A vulnerability in the SeaMonkey software package allows an attacker to cause a denial of service or execute arbitrary code.
The SeaMonkey software contains a vulnerability in the nsXBLProtoImpl::InstallImplementation function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial of service using JavaScript, which processes XBL objects in the same way as XBL...
A vulnerability in the Java Development Kit application development tool allows a remote attacker to compromise data confidentiality and integrity.
The vulnerability in the Java Development Kit application development tool relates to the subcomponents of the program. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of data by using the JAXB subcomponent...
A vulnerability in the Thunderbird email client allows a remote attacker to cause a denial of service or execute arbitrary code.
Mozilla Thunderbird’s software contains a vulnerability in the function nsXBLProtoImpl::InstallImplementation. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a denial of service using JavaScript, which processes XBL objects in the same manner as XBL itself...
A vulnerability in the Java Runtime Environment software platform allows an attacker to compromise data confidentiality and integrity.
The vulnerability in the Java Runtime Environment relates to program subcomponents. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of data by using the JAXB subcomponent...
[SECURITY] Fedora 23 Update: php-ZendFramework2-2.4.10-1.fc23
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
A vulnerability in the Google Chrome browser allows an attacker to bypass existing access restriction policies.
The vulnerability in the extensions/renderer/resources/binding.js component of the extension bindings in the Google Chrome browser is related to the improper use of prototypes. Exploiting this vulnerability could allow a malicious actor to bypass existing access control policies...
A vulnerability in the Google Chrome browser allows an attacker to cause a denial of service or have other effects.
The vulnerability in Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause a denial of service (memory corruption), or possibly have other effects through a specially crafted web page related to BindingSecurity.cpp and...
CVE-2016-1676
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2016-1672
The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...
CVE-2016-1676
CVE-2016-1676 affects Google Chrome/Chromium before 51.0.2704.63. The issue is a cross-origin bypass in extension bindings (bindings.js) caused by improper prototype handling in the extensions framework, enabling remote bypass of Same Origin Policy via unspecified vectors. Debian security advisor...