3107 matches found

Cvelist
added 2016/03/29 10:0 a.m., 26 views

CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...

AI score: 8.8, EPSS: 0.66909
Exploits: 1, References: 11

CVE
added 2016/03/29 10:0 a.m., 1022 views

CVE-2016-1646

Summary: CVE-2016-1646 affects Google Chrome’s V8 engine. The Array.prototype.concat implementation in V8/builtins.cc does not properly consider element data types, enabling a remote attacker to cause a denial of service (out-of-bounds read) via crafted JavaScript code. Affected software/versions...

CVSS: 9.3, AI score: 8.7, EPSS: 0.66909
In wild, Exploits: 1, References: 12, Affected Software: 1

CVE
added 2016/03/29 10:0 a.m., 88 views

CVE-2016-1648

Google Chrome vulnerability CVE-2016-1648 is a use-after-free in the Extensions implementation (renderer/loadtimes_extension_bindings.cc GetLoadTimes) that could allow remote disruption via crafted JavaScript. Affected product: Chrome before 49.0.2623.108; remediation: update to 49.0.2623.108 or ...

CVSS: 9.3, AI score: 8.7, EPSS: 0.01948
Exploits: 0, References: 10, Affected Software: 1

OSV
added 2016/03/29 12:0 a.m., 0 views

UBUNTU-CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...

CVSS: 8.8, AI score: 7.4, EPSS: 0.66909
Exploits: 1, References: 5

Hacker One
added 2016/03/17 7:0 a.m., 13 views

Gratipay: auto-logout after 20 minutes

Hi, Session is not getting expired even after keeping the application idle for 20 min and after browser closure. Information: JavaScript code can be used by the web application in all or critical pages to automatically logout client sessions after the idle timeout expires, for example, by...

AI score: 7.1
Exploits: 0

0day.today
added 2016/03/09 12:0 a.m., 35 views

WordPress SiteMile Project 2.0.9.5 Theme - Multiple Vulnerabilities

Exploit for php platform in category web applications. Wordpress ProjectTheme Multiple Vulnerabilities. Affected Version: Project Theme 2.0.9.5. Problem Overview: Technical Risk: high; Likelihood of...

AI score: 7.1
Exploits: 0

Prion
added 2016/03/06 2:59 a.m., 27 views

Design/Logic Flaw

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8helpers.h and gin/converter.h...

CVSS: 6.8, AI score: 6.7, EPSS: 0.01206
Exploits: 0, References: 11, Affected Software: 1

Cvelist
added 2016/03/06 2:0 a.m., 27 views

CVE-2016-1632

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8helpers.h and gin/converter.h...

AI score: 8.9, EPSS: 0.01206
Exploits: 0, References: 11

UbuntuCve
added 2016/03/05 12:0 a.m., 23 views

CVE-2016-2844

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other...

CVSS: 9.3, AI score: 7.2, EPSS: 0.01471
Exploits: 0, References: 6

NVD
added 2016/02/21 5:59 a.m., 13 views

CVE-2016-2275

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code...

CVSS: 10, AI score: 9.6, EPSS: 0.00338
Exploits: 0, References: 1

Prion
added 2016/02/21 5:59 a.m., 17 views

Improper access control

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code...

CVSS: 10, AI score: 7.5, EPSS: 0.00338
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2016/02/21 2:0 a.m., 18 views

CVE-2016-2275

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code...

AI score: 9.6, EPSS: 0.00338
Exploits: 0, References: 1

CVE
added 2016/02/21 2:0 a.m., 42 views

CVE-2016-2275

CVE-2016-2275 affects Advantech/B+B SmartWorx VESP211-EU (firmware 1.7.2) and VESP211-232 (firmware 1.5.1 and 1.7.2). The web interface relies on client-side authentication, permitting remote attackers to perform administrative actions by modifying JavaScript. Exposure is via network-accessible w...

CVSS: 10, AI score: 9.4, EPSS: 0.00338
Exploits: 0, References: 1, Affected Software: 1

exploitpack
added 2016/02/18 12:0 a.m., 17 views

Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting

Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4...

AI score: 0.2
Exploits: 0

Packet Storm
added 2016/02/18 12:0 a.m., 26 views

Vesta Control Panel 0.9.8-15 Cross Site Scripting

Exploit Title :Vesta Control Panel " http://victimserver 3. We wait Administrator to read access.log that injected our evil.js 4. We log-in VestaCP via password we changed https:...

AI score: 0.4
Exploits: 0

NVD
added 2016/02/14 2:59 a.m., 18 views

CVE-2016-1622

The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

CVSS: 8.8, AI score: 8.4, EPSS: 0.01496
Exploits: 0, References: 10

Check Point Advisories
added 2016/02/09 12:0 a.m., 5 views

Microsoft Edge ASLR Bypass (MS16-011: CVE-2016-0080)

An ASLR bypass vulnerability exists in Microsoft Edge. A remote attacker could exploit this issue by convincing target users to view a web page containing malicious JavaScript code with an affected version of Microsoft Edge. Successful exploitation could allow an attacker to gain the same user...

CVSS: 4.3, AI score: 3.1, EPSS: 0.13138
Exploits: 0

NVD
added 2016/01/03 5:59 a.m., 17 views

CVE-2015-8509

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code...

CVSS: 4.3, AI score: 4, EPSS: 0.00263
Exploits: 1, References: 6

Prion
added 2016/01/03 5:59 a.m., 16 views

Code injection

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00263
Exploits: 1, References: 6, Affected Software: 1

BDU FSTEC
added 2015/12/29 12:0 a.m., 3 views

Vulnerability in the Firefox browser that allows an attacker to trigger a service failure or cause other effects

A vulnerability in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in the Firefox browser is caused by buffer overflows. Exploiting this vulnerability can allow a remote attacker to cause a service failure or other effects by using specially crafted JavaScript code...

CVSS: 10, AI score: 7.3, EPSS: 0.01483
Exploits: 0, References: 4, Affected Software: 1