57 matches found

Veracode
added 2017/09/21 8:52 p.m., 12 views

Remote Code Execution (RCE)

Electron.js is vulnerable to remote code execution (RCE). GitHub Electron has nodeIntegration enabled by default, allowing JavaScript to access operating system primitives. This affects all applications that bundle Electron...

8.1 CVSS, 8.5 AI score, 0.02336 EPSS
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2017/07/30 3:58 p.m., 17 views

MGASA-2017-0233 Updated java-1.8.0-openjdk packages fix security vulnerabilities

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the RMI registry or a Java RMI application (CVE-2017-10102). Multiple flaws were discovere...

9.6 CVSS, 9.7 AI score, 0.01373 EPSS
Exploits: 0, References: 5

OSV
added 2017/07/07 1:29 p.m., 0 views

CVE-2017-2239

Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript...

5.3 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 1

Hacker One
added 2017/04/26 9:57 a.m., 23 views

Weblate: HttpOnly Flag not set

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this application then the cookie will be accessible and can be transmitted to another site. HTTP/1.1 200 OK Server: nginx Date: Wed, 26 Apr 2017 08:27:17...

0.4 AI score
Exploits: 0

RedHat Linux
added 2016/11/14 8:4 p.m., 2 views

chromium-browser: info leak in extensions

A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page...

6.5 CVSS, 7.5 AI score, 0.0052 EPSS
Exploits: 0, References: 5

hackapp
added 2016/05/19 5:30 p.m., 11 views

Интерактивная биржа Петербурга - External URLs, WebView JavaScript enabled, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that application Интерактивная биржа Петербурга published at the 'play' market has multiple vulnerabilities...

0.5 AI score
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2015/09/25 12:0 a.m., 1 views

Apple iOS Safari Information Disclosure Vulnerability

Apple iOS is an operating system for handheld devices developed by Apple Inc. Apple iOS suffers from an information disclosure vulnerability that allows remote attackers to exploit the vulnerability via specially crafted JavaScript code to obtain sensitive information related to browser history,...

4.3 CVSS, 6.2 AI score, 0.006 EPSS
Exploits: 0, References: 1

Japan Vulnerability Notes
added 2014/09/25 5:52 a.m., 1 views

jigbrowser+ for iOS same origin policy bypass

Overview jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

5.8 CVSS, 6.3 AI score, 0.00227 EPSS
Exploits: 0, References: 5

securityvulns
added 2014/01/09 12:0 a.m., 65 views

LiveZilla 5.1.2.0 Insecure password storage

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7033 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Status: Partly fixed 0x01 Background LiveZilla, the widely-used and trusted Liv...

4.3 CVSS, 0.2 AI score, 0.0025 EPSS
Exploits: 2

Packet Storm
added 2013/12/16 12:0 a.m., 29 views

LiveZilla 5.1.2.0 Insecure Password Storage

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7033 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Status: Partly fixed 0x01 Background LiveZilla, the widely-used and trusted Liv...

4.3 CVSS, 6.5 AI score, 0.0025 EPSS
Exploits: 2

Tenable Nessus
added 2012/08/13 12:0 a.m., 34 views

FreeBSD : www/chromium -- multiple vulnerabilities (2092a45b-e2f6-11e1-a8ca-00262d5ed8ee)

Google Chrome Releases reports : 129898 High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. 130595 High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. 133450 High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov...

9.3 CVSS, 9.2 AI score, 0.01566 EPSS
Exploits: 0, References: 5

securityvulns
added 2005/04/18 12:0 a.m., 77 views

[Full-disclosure] Firesearching 1 + 2 [Firefox 1.0.2]

Notice I really wonder why the Mozilla Foundation decided to release a serious security update on a Friday night and to disclose the link to my proof-of-concept code so quickly. It wasn't intended from my side to release this as a 0day exploit. Please complain to [email protected] if you...

Exploits: 0

RedHat Linux
added 2005/02/15 10:12 a.m., 3 views

security flaw

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary file...

5 CVSS, 6 AI score, 0.04451 EPSS
Exploits: 0, References: 4

Cvelist
added 2004/12/31 5:0 a.m., 28 views

CVE-2004-1145

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary file...

6.8 AI score, 0.04451 EPSS
Exploits: 0, References: 10

NVD
added 2004/12/15 5:0 a.m., 19 views

CVE-2004-1145

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary file...

5 CVSS, 6.9 AI score, 0.04451 EPSS
Exploits: 0, References: 10

securityvulns
added 2000/09/05 12:0 a.m., 66 views

IE 5.5 Cross Frame security vulnerability - Web Browser Control's Navigate method

Georgi Guninski security advisory 20, 2000 IE 5.5 Cross Frame security vulnerability - Web Browser Control's Navigate method Systems affected: IE 5.5/Win98. Probably other versions - have not tested. Risk: High Date: 4 September 2000 Legal Notice: This Advisory is Copyright (c) 2000 Georgi Guninski...

7.2 AI score
Exploits: 0

NVD
added 2000/04/01 5:0 a.m., 9 views

CVE-1999-0790

A remote attacker can read information from a Netscape user's cache via JavaScript...

2.6 CVSS, 6.3 AI score, 0.00351 EPSS
Exploits: 0, References: 1