56 matches found
Open-xchange OX App Suite Cross-Site Scripting Vulnerability
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via...
CVE-2019-12566
The WP Statistics plugin through 12.6.5 for WordPress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user...
CVE-2016-9904
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox 50.1, Firefox...
Meltdown and Spectre Aren’t Business as Usual
The new year brought a new vulnerability type — the CPU-based Meltdown and Spectre bugs — that’s forcing vendors and IT departments to modify long-standing ways of identifying threats, prioritizing remediation, managing patches and evaluating risk. “Meltdown and Spectre are different...
agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting
agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting Source: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2017-005.txt Advisory ID: SYSS-2017-005 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Versions: 7.8.1.4-251 Tested Versions:...
Project avatar resource vulnerable to XSRF
The project avatar resource accepts content type of MULTIPARTFORMDATA so a malicious attacker could use javascript to submit a form from a foreign host to a stash server and trick the user into changing the project avatar in Stash. cc David Black Atlassian - is there any reason why panopticon fou...
Google Chrome Denial of Service Vulnerability (CNVD-2015-00819)
Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the components/navigationinterception/interceptnavigationresourcethrottle.cc file in versions of Google Chrome prior to 40.0.2214.91, which stems from the program's failure to restri...
chromium-browser: use-after-free in DOM
Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper...
CVE-2014-3191
CVE-2014-3191 is a use-after-free vulnerability in Blink used by Google Chrome prior to 38.0.2125.101. It arises from widget-position update interactions with the render tree, specifically in FrameView.cpp (FrameView::updateLayoutAndStyleForPainting) and RenderLayerScrollableArea.cpp (RenderLayer...
e107 1.0.1 - CSRF Resulting in Arbitrary Javascript Execution
No description provided by source. Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...
e107 v1.0.1 CSRF Resulting in Arbitrary Javascript Execution
Exploit for php platform in category web applications Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...
CSICE XSS and CSRF Vulnerability
Exploit for unknown platform in category web applications CSICE XSS and CSRF Vulnerability http://www.csice.org/ Suffers from XSS and CSRF cross site scripting and cross site request forgery attacks. The vulnerability lies in the...
CVE-2004-1201
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using JavaScript code that continuously creates nested arrays and then sorts the newly created arrays...
[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability
ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability Release Date: June 9, 2004 Severity: Medium Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web...
WebChat XSS
The remote host is vulnerable to a cross-site scripting attack through its web chat module : - An attacker may create a new user with a bogus email address containing JavaScript code - Then the profile of the newly created user or the 'lost password' page for this user will display the unprocesse...
CVE-2001-1219
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location...