SUSE CVE-2014-7929

Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact...

Posta - Cross-document Messaging Security Research Tool

Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser. Prerequisites Google Chrome / Chromium Node.js option...

Mozilla: Use-after-free when appending DOM nodes

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affec...

DNN (DotNetNuke) 5.2.0 < 9.1.1 Multiple Vulnerabilities

The version of DNN Platform formerly DotNetNuke running on the remote host is 5.2.0 or later but prior to 9.1.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to insecure use of web cookies to identify users. An unauthenticated, remote...

Google Chrome Blink Memory Misreference Vulnerability (CNVD-2015-01511)

Google Chrome is a web browsing tool developed by Google. Google Chrome 41.0.2272.76 before the version used in Blink in the DOM implementation of the process of core/html/HTMLScriptElement.cpp file in the 'HTMLScriptElement::' function and core/svg/SVGScriptElement.cpp file 'didMoveToNewDocument...

acroread: multiple code execution flaws (APSB11-16)

Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."...

Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-12, APSB11-12, APSB11-16) (Mac OS X)

The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1, 9.4.5, or 8.3. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. CVE-2011-2094, CVE-2011-2095, CVE-2011-209...

Adobe Reader / Acrobat multiple security vulnerabilities

Buffer overflow, memory corruption, code execution, cross document scripting...

CVE-2011-2101

Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."...

Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)

The version of Adobe Reader installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A heap...

Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)

The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A hea...

Fuzzing tool discovers over 100 vulnerabilities in popular browsers !

The public release of crossfuzz - a cross-document DOM binding fuzzer that is able to detect vulnerabilities in all browsers by examining how they interact with various elements while they render web pages - by the Google-employed security researcher Michal Zalewski has unveiled some worrying...