3107 matches found

Cvelist
added 2016/10/26 6:0 p.m. | 24 views

CVE-2016-8506

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by a remote attacker to evaluate arbitrary JavaScript code...

AI score 6.2 | EPSS 0.00229
Exploits: 0 | References: 2

Check Point Advisories
added 2016/10/11 12:0 a.m. | 2 views

Adobe Reader and Acrobat Memory Corruption (APSB16-33: CVE-2016-6960)

A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error while loading a PDF containing malicious JavaScript code. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected version of Adobe...

CVSS 10 | AI score 3.6 | EPSS 0.03024
Exploits: 0

NVD
added 2016/09/25 8:59 p.m. | 16 views

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

CVSS 6.5 | AI score 6.1 | EPSS 0.0113
Exploits: 0 | References: 8

Prion
added 2016/09/25 8:59 p.m. | 33 views

Code injection

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

CVSS 4.3 | AI score 6.2 | EPSS 0.0113
Exploits: 0 | References: 8 | Affected Software: 3

CVE
added 2016/09/25 8:0 p.m. | 86 views

CVE-2016-5171

CVE-2016-5171 affects Blink in Chromium/Chrome. WebKit/Source/bindings/templates/interface.cpp does not prevent certain constructor calls, enabling a remote attacker to trigger a use-after-free via crafted JavaScript, potentially causing denial of service and unspecified other impact. Affected: B...

CVSS 8.8 | AI score 6.8 | EPSS 0.00842
Exploits: 0 | References: 8 | Affected Software: 1

Debian CVE
added 2016/09/25 8:0 p.m. | 33 views

CVE-2016-5171

Removed by vendor...

CVSS 8.8 | AI score 9.3 | EPSS 0.00842
Exploits: 0

RedhatCVE
added 2016/09/14 7:19 a.m. | 30 views

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

CVSS 6.5 | AI score 5.2 | EPSS 0.0113
Exploits: 0 | References: 2

NVD
added 2016/09/11 10:59 a.m. | 18 views

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote...

CVSS 8.8 | AI score 9.1 | EPSS 0.01417
Exploits: 0 | References: 12

UbuntuCve
added 2016/09/02 12:0 a.m. | 23 views

CVE-2016-5150

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote...

CVSS 8.8 | AI score 7.3 | EPSS 0.01417
Exploits: 0 | References: 3

OpenVAS
added 2016/08/24 12:0 a.m. | 11 views

QNAP QTS 'qname' Parameter XSS Vulnerability

QNAP QTS is prone to a cross-site scripting (XSS) vulnerability...

AI score 6.6
Exploits: 0 | References: 3

ArchLinux
added 2016/08/17 12:0 a.m. | 33 views

chromium: multiple issues

CVE-2016-5139 (arbitrary code execution): Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have other unspecified impact via crafted JPEG 2000 data. -...

CVSS 7.5 | AI score 7.2 | EPSS 0.02836
Exploits: 0 | References: 9

Packet Storm
added 2016/08/16 12:0 a.m. | 24 views

WordPress Link Library 5.9.12.29 Cross Site Scripting

Cross-Site Scripting in Link Library WordPress Plugin. Burak Kelebek, July 2016...

AI score 7.4
Exploits: 0

Hacker One
added 2016/08/09 10:4 a.m. | 34 views

OLX: XSS on Meta Tag at https://m.olx.ph

Hi, There is improper validation at q parameter on https://m.olx.ph/ where it can be manipulated by an attacker to include his/her XSS payload to execute javascript code. As example: https://m.olx.ph/all-results?q=0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg"...

AI score 6.3
Exploits: 0

UbuntuCve
added 2016/08/07 12:0 a.m. | 17 views

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

CVSS 8.8 | AI score 7.2 | EPSS 0.01001
Exploits: 0 | References: 3

Patchstack
added 2016/07/24 12:0 a.m. | 5 views

WordPress Contact Form To Email Plugin <= 1.1.47 - Cross Site Scripting

Because of this vulnerability, attackers can inject malicious JavaScript code into the application. Solution: Update the plugin...

AI score 3.6
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2016/07/23 7:59 p.m. | 24 views

CVE-2016-5129

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code...

CVSS 8.8 | AI score 7.4
Exploits: 0 | References: 17

Prion
added 2016/07/23 7:59 p.m. | 14 views

Design/Logic Flaw

Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...

CVSS 6.8 | AI score 7.6 | EPSS 0.02184
Exploits: 0 | References: 14 | Affected Software: 1

CVE
added 2016/07/23 7:0 p.m. | 79 views

CVE-2016-5127

CVE-2016-5127 is a use-after-free vulnerability in Blink’s editing path (WebKit/Blink) affecting Google Chrome prior to 52.0.2743.82. The issue arises in WebKit/Source/core/editing/VisibleUnits.cpp and can be triggered by crafted JavaScript using an @import at-rule in a CSS token sequence with re...

CVSS 7.5 | AI score 8.5 | EPSS 0.02184
Exploits: 0 | References: 14 | Affected Software: 1

CVE
added 2016/07/23 7:0 p.m. | 136 views

CVE-2016-5129

CVE-2016-5129 refers to a memory corruption vulnerability in Google V8 (the JavaScript engine) used by Google Chrome. According to the sources, V8 before 5.2.361.32 on Chrome before 52.0.2743.82 fails to properly process left-trimmed objects, which could be exploited by crafted JavaScript to caus...

CVSS 8.8 | AI score 9.1 | EPSS 0.02501
Exploits: 0 | References: 17 | Affected Software: 2

UbuntuCve
added 2016/07/23 12:0 a.m. | 26 views

CVE-2016-5129

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code...

CVSS 8.8 | AI score 7.2 | EPSS 0.02501
Exploits: 0 | References: 3