The vulnerability of the Firefox browser, which allows a malicious actor to execute arbitrary code

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger the...

CodoForum 3.4 - Persistent Cross-Site Scripting

Exploit Title: Codoforum v3.4 Stored Cross-Site Scripting Stored XSS Google Dork: intext:"powered by codoforum" Date: 01/06/2016 Exploit Author: Ahmed Sherif OffensiveBits Vendor Homepage: http://codologic.com/page/ Software Link: http://codoforum.com/index.php Version: V3.4 Tested on: Linux Mint...

CVE-2016-1697

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...

CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...

Out-of-bounds

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...

CVE-2016-1688

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...

CVE-2016-1688

CVE-2016-1688 is an out-of-bounds read in the V8 JavaScript library used by Google Chrome/Chromium prior to 51.0.2704.63. The root cause involves mishandling external string sizes, enabling a remote attacker to trigger a denial of service via crafted JavaScript. Remediation: upgrade to Chrome/Chr...

CVE-2016-1678

Removed by vendor...

CVE-2016-1697

Removed by vendor...

CVE-2016-1701

The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted w...

CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impa...

CVE-2016-1665

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...

CVE-2016-1665

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...

CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impa...

Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing

Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing Software Link:http://en.browser.baidu.com/query/fullpackage.exe?lang=en Version:43.23.1000.476 Tested on:Win7/WinXP details: The baidu spark browser is vulnerable to Address Bar Spoofing in the latest version of the...

Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing

Software Link:http://en.browser.baidu.com/query/fullpackage.exe?lang=en Version:43.23.1000.476 Tested on:Win7/WinXP details: The baidu spark browser is vulnerable to Address Bar Spoofing in the latest version of the browser43.23.1000.476. Using the specail javascript code it was able to spoof the...

CVE-2016-1653

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related...

CVE-2016-1653

CVE-2016-1653 is an out-of-bounds write in Google V8 used by Chrome up to version 50.0.2661.75. The issue, tied to compiler/pipeline.cc and compiler/simplified-lowering.cc, could cause a denial of service and possibly other impact via crafted JavaScript. Affected software includes Google Chrome/C...

CubeCart 6.0.10 - Multiple Vulnerabilities

Exploit for php platform in category web applications Product: CubeCart Vendor: CubeCart Limited Vulnerable Versions: 6.0.10 and probably prior Tested Version: 6.0.10 Advisory Publication: March 2, 2016 without technical details Vendor Notification: March 2, 2016 Vendor Patch: March 16, 2016 Publ...

Out-of-bounds

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...