4739 matches found
CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have...
CVE-2015-6772
Removed by vendor...
CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have...
CVE-2015-6771
CVE-2015-6771 affects Google Chrome/Chromium using the V8 JavaScript engine. The vulnerability is an out-of-bounds read in V8 (js/array.js) related to array map/filter operations, exploitable via crafted JavaScript to cause remote DoS. Affected versions prior to Chrome/Chromium 47.0.2526.73 are f...
CVE-2015-6764
CVE-2015-6764 is an out-of-bounds read in Google V8’s BasicJsonStringifier::SerializeJSArray used by Chrome up to version 47.0.2526.73. The issue allows remote denial-of-service or other impact via crafted JavaScript; Debian advisory confirms the flaw and provides fixed package version 47.0.2526....
CVE-2015-6771
js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified other impact via crafted JavaScript code...
WordPress Users Ultra Plugin 1.5.50 - Persistent XSS
Because of this vulnerability, an attacker can include JavaScript code in package name or description. Solution Upgrade the plugin...
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting Exploit Title: WordPress Users Ultra Plugin Persistence XSS Discovery Date: 2015/10/20 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
imagefap.com XSS vulnerability
Vulnerable URL: http://www.imagefap.com/clubs.php?avatar=1=1category=1=1=1=25=1;'%22%26%25prompt/XSSPOSED/...
The vulnerability of the Firefox browser, which allows a hacker to execute scripts across different websites
The vulnerability of the Firefox browser’s SDK extension is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to execute cross-site scripting attacks using specially crafted JavaScript code...
Open-Xchange Guard 2.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Open-Xchange Guard Vendor: Open-Xchange GmbH Internal reference: 41466 Bug ID Vulnerability type: Cross-Site-Scripting CWE-80 Vulnerable version: 2.0 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by...
iBackDoor: the suspected back door, the impact of the iOS app a high risk of code-bug warning-the black bar safety net
! Recently, FireEye Mobile Security researchers discovered embedded into the iOS app in the suspected“back door”behavior mobiSage advertising in the library, and these applications are from the App Store. The researchers will be the potential of the back door called iBackDoor, allowing hackers...
CVE-2015-7189
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...
CVE-2015-7187
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via inline JavaScript code that is executed within a third-party extension...
CVE-2015-7189
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...
iBackDoor: High-Risk Code Hits iOS Apps
Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
CVE-2015-7189
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...
CVE-2013-7445
The Direct Rendering Manager DRM subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager GEM objects, which allows context-dependent attackers to cause a denial of service memory consumption via an application that processes graphics data, as demonstrated by...
CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...