3107 matches found
WordPress Gallery Master 1.0.22 Cross Site Scripting
Exploit: To exploit this vulnerability, install the Testimonial Slider plugin, then create a new SGallery. In the Gallery Title input and Gallery Description, place your JavaScript code. After creating the gallery, the JavaScript code will be executed. The plugin is accessible by authors, administrators, editors...
Buffer overflow
Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code...
CVE-2015-7220
CVE-2015-7220 refers to a buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0. According to connected advisories, this vulnerability affects Firefox up to version 42.x and is triggered by crafted JavaScript code, potentially allowing a denial of ser...
CVE-2015-6774
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that...
CVE-2015-6771
CVE-2015-6771 affects Google Chrome/Chromium using the V8 JavaScript engine. The vulnerability is an out-of-bounds read in V8 (js/array.js) related to array map/filter operations, exploitable via crafted JavaScript to cause remote DoS. Affected versions prior to Chrome/Chromium 47.0.2526.73 are f...
CVE-2015-6774
CVE-2015-6774 is a use-after-free in the Chrome/Chromium Extensions bindings. A crafted JavaScript payload in renderer/loadtimes_extension_bindings.cc (GetLoadTimes) can trigger a crash or potentially broader impact, leading to a denial of service and unspecified effects. Affected product: Google...
WordPress Users Ultra Plugin 1.5.50 - Persistent XSS
Because of this vulnerability, an attacker can include JavaScript code in package name or description. Solution Upgrade the plugin...
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting Exploit Title: WordPress Users Ultra Plugin Persistence XSS Discovery Date: 2015/10/20 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
imagefap.com XSS vulnerability
Vulnerable URL: http://www.imagefap.com/clubs.php?avatar=1=1category=1=1=1=25=1;'%22%26%25prompt/XSSPOSED/...
The vulnerability of the Firefox browser, which allows a hacker to execute scripts across different websites
The vulnerability of the Firefox browser’s SDK extension is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to execute cross-site scripting attacks using specially crafted JavaScript code...
Open-Xchange Guard 2.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Open-Xchange Guard Vendor: Open-Xchange GmbH Internal reference: 41466 Bug ID Vulnerability type: Cross-Site-Scripting CWE-80 Vulnerable version: 2.0 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by...
iBackDoor: suspected back door, high-risk code impacting iOS apps - bug warning - the black bar safety net
Recently, FireEye Mobile Security researchers discovered suspected "back door" behavior in the mobiSage advertising library embedded in iOS apps, and these applications are from the App Store. The researchers named the potential back door iBackDoor, allowing hackers...
iBackDoor: High-Risk Code Hits iOS Apps
Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
CVE-2013-7445
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by...
CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
CVE-2015-7327
Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls...
CVE-2015-4519
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element...
When a 'Hacker News' Reader Tricked Me into visiting this Amazing Site (Don't Click at Work)
My usual bed routine is to check comments under my articles before I go to sleep. I was doing the same last night, but something weird happened to me. Someone posted a mysterious short link without any text below one of my articles on our official 'The Hacker News' Facebook Page, and with the...
Code injection
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...