3107 matches found

Cvelist
added 2015/09/18 10:0 a.m. | 15 views

CVE-2015-5825

WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...

AI score: 7.5 | EPSS: 0.006
Exploits: 0 | References: 7
Hacker One
added 2015/09/09 4:39 a.m. | 14 views

Vimeo: XSS on vimeo.com | "Search within these results" feature (requires user interaction)

Description When you search in pages such as the videos of some Category or the videos of some User, and you receive more than 0 results, the path of the URL is put in the attribute data-start-page of a element without escaping. This allows to insert another attribute like onmouseover to execute...

AI score: 6.2
Exploits: 0
NVD
added 2015/09/03 10:59 p.m. | 22 views

CVE-2015-1300

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...

CVSS: 5 | AI score: 8.4 | EPSS: 0.00909
Exploits: 0 | References: 10
Debian CVE
added 2015/09/03 10:0 p.m. | 34 views

CVE-2015-1291

Removed by vendor...

CVSS: 6.4 | AI score: 9.3 | EPSS: 0.0058
Exploits: 0
UbuntuCve
added 2015/09/02 12:0 a.m. | 20 views

CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...

CVSS: 6.4 | AI score: 7.2 | EPSS: 0.0058
Exploits: 0 | References: 3
0day.today
added 2015/08/27 12:0 a.m. | 20 views

IP.Board 4.X - Stored XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: IP.Board 4.X Stored XSS Date: 27-08-2015 Software Link: https://www.invisionpower.com/ Exploit Author: snop. Contact: http://twitter.com/rabbitzorg Website: http://rabbitz.org Category: webapps 1. Description A registered or...

AI score: 7.1
Exploits: 0
0day.today
added 2015/08/19 12:0 a.m. | 24 views

ModX Revolution 2.3.5-pl Cross Site Scripting Vulnerability

ModX Revolution version 2.3.5-pl suffers from a reflective cross site scripting vulnerability. ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability Security Advisory – Curesec Research Team 1. Introduction Affected Product: ModX Revolution 2.3.5-pl Fixed in: not fixed Fixed...

AI score: 6.7
Exploits: 0
BDU FSTEC
added 2015/08/18 12:0 a.m. | 4 views

The vulnerability of the Google Chrome operating system, which allows a perpetrator to trigger a service failure

The vulnerability of Google Chrome’s regular expression implementation is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using JavaScript code...

CVSS: 5 | AI score: 7.7 | EPSS: 0.01482
Exploits: 0 | References: 5 | Affected Software: 1
myhack58
added 2015/08/13 12:0 a.m. | 16 views

Analysis of the latest Firefox 0day attack-vulnerability warning-the black bar safety net

On August 6, the Mozilla Foundation released a security update for Firefox to fix the CVE-2015-4495 vulnerability in pdf.js, the PDF reader embedded in Firefox. The vulnerability allows an attacker to bypass the same origin policy, in the local...

AI score: 0.2
Exploits: 0
ATTACKERKB
added 2015/08/08 12:0 a.m. | 34 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

CVSS: 8.8 | AI score: 1.6 | EPSS: 0.71568
In wild | Exploits: 8 | References: 18
Debian CVE
added 2015/08/08 12:0 a.m. | 27 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.71568
Exploits: 8
exploitpack
added 2015/07/27 12:0 a.m. | 54 views

Xceedium Xsuite - Multiple Vulnerabilities

Xceedium Xsuite - Multiple Vulnerabilities See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt --------------------------------------------------------------------- modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.50998
Exploits: 10
securityvulns
added 2015/07/27 12:0 a.m. | 43 views

CVE-2015-5379: Axigen XSS vulnerability for html attachments

CVEID: CVE-2015-5379 SUBJECT: Axigen XSS vulnerability for html attachments DESCRIPTION: Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expo...

CVSS: 3.5 | EPSS: 0.00254
Exploits: 0
UbuntuCve
added 2015/07/22 12:0 a.m. | 24 views

CVE-2015-5605

The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of...

CVSS: 5 | AI score: 7.2 | EPSS: 0.01482
Exploits: 0 | References: 3
0day.today
added 2015/07/22 12:0 a.m. | 35 views

Flippy My Life Stories 2.0 XSS Vulnerability

Flippy My Life Stories 2.0 is a CMS allowing to create a everyday story website. Usage Info 1: Go to http://website.fr/register.html 2: In "nickname" type Javascript code like alert2 3: Go to http://website.fr/userlogin.html and Log in 4: Click on "My Stories", it will lead you on the vulnerable...

AI score: 7.1
Exploits: 0
Packet Storm
added 2015/07/17 12:0 a.m. | 24 views

Novell GroupWise 2014 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-021 Product: GroupWise Vendor: Novell Affected Versions: 2014 Tested Versions: 2014 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Fixed Vendor Notification: 2015-05-04 Solution Date:...

AI score: 7.4
Exploits: 0
OpenVAS
added 2015/07/10 12:0 a.m. | 29 views

Mozilla Firefox Multiple Security Bypass Vulnerability (Jul 2015) - Mac OS X

Mozilla Firefox is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS: 6.8 | AI score: 4.4 | EPSS: 0.01076
Exploits: 0 | References: 2
Cvelist
added 2015/07/06 1:0 a.m. | 27 views

CVE-2015-2727

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...

AI score: 5 | EPSS: 0.01076
Exploits: 0 | References: 10
CVE
added 2015/07/06 1:0 a.m. | 163 views

CVE-2015-2727

CVE-2015-2727 affects Mozilla Firefox 38.0 and Firefox ESR 38.0. It enables a user-assisted remote attacker to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by visiting a crafted website; the issue is tied to a regression from CVE-2015-0821. Affected systems inc...

CVSS: 6.8 | AI score: 4.9 | EPSS: 0.01076
Exploits: 0 | References: 10 | Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m. | 43 views

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability XSS Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...

CVSS: 3.5 | AI score: 6 | EPSS: 0.0155
Exploits: 5