8134 matches found
Mail.ru: [account.mail.ru] XSS on the password recovery page
When the password recovery form is generated, the email value is inserted into it as is: https://account.mail.ru/recovery/support?email=%3Csvg%20onload=alertdocument.domain%3E Domain, site, application -- https://account.mail.ru/recovery/support Testing environment -- Firefox 60.0 Chrome 66.0 Steps ...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...
MGASA-2018-0261 Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...
USN-3660-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20180524)
This update upgrades Thunderbird to version 52.8.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Backport critical security fixes in Skia CVE-2018-5183 - Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154 -...
RHEL 6 : thunderbird (RHSA-2018:1726)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1726 advisory. - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Use-after-free with SVG animations and clip...
Dumpzilla - Extract All Forensic Interesting Information Of Firefox, Iceweasel And Seamonkey Browsers
Dumpzilla official site: www.dumpzilla.org http://www.dumpzilla.org "Mozilla browser forensic tool" Manual: Spanish http://dumpzilla.org/Manualdumpzillaes.txt "Dumpzilla manual in Spanish" / English http://dumpzilla.org/Manualdumpzillaen.txt "Dumpzilla English manual" OS: Unix / Win...
Security update for Mozilla Thunderbird (important)
This update for Mozilla Thunderbird to version 52.8 fixes the following issues: Security issues fixed MFSA 2018-13, boo1092548: - CVE-2018-5183: Backport critical security fixes in Skia - CVE-2018-5154: Use-after-free with SVG animations and clip paths - CVE-2018-5155: Use-after-free with SVG...
Schneider Electric PLCs Cross Site Request Forgery
Exploit Title: Schneider Electric PLCs - Cross-Site Request Forgery Date: 2018-05-12 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Tested on: Windows CVE: CVE-2013-0663 Version: Schneider Electric Quantum PLC: 140NOE77111, 140NOE77101, 140NWM10000 Modicon M340 PLC...
Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability(CVE-2018-3842)
Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...
WordPress Ultimate Member Access Restriction Bypass Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Ultimate Member is one of the plug-ins used to create a membership site or online community. A security vulnerability exists...
Malicious Package
Overview: Version 0.3.0 of react-dates-sc contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.3.0 of this module is found...
CVE-2018-0589
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors...
Authentication flaw
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors...
Google Forms < 0.94 - Eval Injection
The Google Forms WordPress plugin was affected by an Eval Injection security vulnerability...
WordPress Ninja Forms SQL Injection
SQL Injection vulnerability in WordPress Ninja Forms plugin parse-media-shortcode parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
Foxit Reader XFA subform remote code execution vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA subform element, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
Foxit Reader XFA Button Remote Code Execution Vulnerability (CNVD-2018-09950)
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the XFA Button element, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a failure to validate an object befor...
Caldera Forms <= 1.5.9.1 - Multiple Cross-Site Scripting (XSS)
The Caldera Forms – More Than Contact Forms WordPress plugin was affected by multiple Cross-Site Scripting (XSS) security vulnerabilities...