
3107 matches found

Packet Storm
added 2015/06/24 12:0 a.m. | 38 views

Thycotic Secret Server 8.8.000004 Cross Site Scripting

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability XSS Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...

CVSS 3.5 | AI score 6.6 | EPSS 0.0155
Exploits: 5

Cisco
added 2015/06/09 5:1 p.m. | 40 views

Cisco Application and Content Networking System URL Page Return Cross-Site Scripting Vulnerability

A vulnerability in Cisco Application and Content Networking System (ACNS) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of the URL of pages that are not accessible to the end user that could be return...

CVSS 4.3 | AI score 5.5 | EPSS 0.00263
Exploits: 0 | References: 1

Tenable Nessus
added 2015/05/21 12:0 a.m. | 38 views

Google Chrome < 43.0.2357.65 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.65. It is, therefore, affected by multiple vulnerabilities as referenced in the 201505stable-channel-update19 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attacke...

CVSS 7.5 | AI score 8.5 | EPSS 0.09937
Exploits: 4 | References: 29

NVD
added 2015/05/20 10:59 a.m. | 20 views

CVE-2015-1260

Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...

CVSS 7.5 | AI score 7.4 | EPSS 0.0169
Exploits: 0 | References: 9

Prion
added 2015/05/20 10:59 a.m. | 11 views

Server side request forgery (ssrf)

Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...

CVSS 7.5 | AI score 8 | EPSS 0.0169
Exploits: 0 | References: 9 | Affected Software: 2

Debian CVE
added 2015/05/20 10:0 a.m. | 25 views

CVE-2015-1260

Removed by vendor...

CVSS 7.5 | AI score 9.4 | EPSS 0.0169
Exploits: 0

myhack58
added 2015/05/12 12:0 a.m. | 15 views

Analysis of a WordPress JS backdoor

We recently found, on a lot of WordPress sites, a backdoor for collecting administrator login credentials. The affected site has concealed code inserted; when an administrator logs on, the code is triggered, and the administrator's login credentials are encrypted by the GET...

AI score 1.6
Exploits: 0

NVD
added 2015/04/19 10:59 a.m. | 19 views

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing...

CVSS 4.3 | AI score 6.1 | EPSS 0.00892
Exploits: 1 | References: 5

UbuntuCve
added 2015/04/19 10:59 a.m. | 35 views

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing...

CVSS 4.3 | AI score 5.9 | EPSS 0.00892
Exploits: 1 | References: 3

Prion
added 2015/04/19 10:59 a.m. | 18 views

Design/Logic Flaw

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing...

CVSS 4.3 | AI score 6.7 | EPSS 0.00892
Exploits: 1 | References: 5 | Affected Software: 3

0day.today
added 2015/04/10 12:0 a.m. | 43 views

Comalatech Comala Workflows 4.6.1 CSRF / XSS Vulnerabilities

Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. title: Multiple XSS & XSRF vulnerabilities product: Comalatech Comala Workflows vulnerable version: = 4.6.1 fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...

AI score 6.9
Exploits: 0

Prion
added 2015/04/08 1:59 a.m. | 26 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component...

CVSS 4.3 | AI score 6 | EPSS 0.01283
Exploits: 0 | References: 4 | Affected Software: 1

AlpineLinux
added 2015/04/08 1:59 a.m. | 26 views

CVE-2015-1773

Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component...

CVSS 4.3 | AI score 5.7 | EPSS 0.01283
Exploits: 0

Hacker One
added 2015/04/02 12:56 a.m. | 36 views

Mapbox: Persistent cross-site scripting (XSS) in map attribution

Hello, I have found a Persistent Cross Site Scripting vulnerability when using a custom style uploaded by myself. Mapbox Studio allows creating and uploading styles for your maps. So if we create a new style with JavaScript code as the attribution value, it will be executed when loading a map that uses our...

CVSS 4.3 | AI score 6.2 | EPSS 0.00164
Exploits: 1

NVD
added 2015/04/01 10:59 a.m. | 20 views

CVE-2015-0810

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element...

CVSS 4.3 | AI score 6.6 | EPSS 0.00396
Exploits: 0 | References: 5

NVD
added 2015/04/01 10:59 a.m. | 23 views

CVE-2015-0802

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of ...

CVSS 5 | AI score 6.9 | EPSS 0.80386
Exploits: 4 | References: 8

NVD
added 2015/04/01 10:59 a.m. | 24 views

CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...

CVSS 7.5 | AI score 7.3 | EPSS 0.01191
Exploits: 0 | References: 17

Prion
added 2015/04/01 10:59 a.m. | 22 views

Design/Logic Flaw

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...

CVSS 7.5 | AI score 7.5 | EPSS 0.02087
Exploits: 0 | References: 17 | Affected Software: 3

Prion
added 2015/04/01 10:59 a.m. | 16 views

Design/Logic Flaw

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element...

CVSS 4.3 | AI score 7 | EPSS 0.00396
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2015/04/01 10:59 a.m. | 23 views

Design/Logic Flaw

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

CVSS 5 | AI score 7.7 | EPSS 0.8537
Exploits: 3 | References: 18 | Affected Software: 3