CVE-2015-0801

CVE-2015-0801 describes a cross-domain bypass of Same Origin Policy in Mozilla Firefox (and derivatives) via anchor navigation to execute JavaScript with chrome privileges. The issue affects Firefox/Firefox ESR and Thunderbird (per initial entry and IBM/Debian advisories referencing these CVEs). ...

CVE-2015-0810

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element...

Updated dokuwiki package fixes security vulnerability

DokuWiki before 20140929d is vulnerable to a cross-site scripting XSS issue in the user manager. The user's details were not properly escaped in the user manager's edit form. This allows a registered user to edit her own name using the change profile option to include malicious JavaScript code. T...

Microsoft Windows Vista Feed Headlines Gadget Code Execution (MS07-048) - Ver2 (CVE-2007-3033)

Gadgets are mini applications with a variety of possible uses. They can connect to web services to deliver business data, weather information, news updates, traffic maps, Internet radio streams, and even slide shows of on-line photo albums. Windows Vista is shipped with a set of gadgets, includin...

Design/Logic Flaw

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

Et-Chat 3.0.6 Cross Site Scripting

Exploit Title: Et-Chat 3.0.6 Cross Site Scripting Vulnerability Google Dork: "ET-Chat v3.0.6" Date: 2015-03-20 Exploit Author: IranHack Security Team Tested on: Windows 7 Vendor : Www.Et-chat.Ir Our Website : Www.IranHack.Org Vulnerable code : Location :...

CVE-2015-1230

The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript cod...

CVE-2015-1230

CVE-2015-1230 concerns Google Chrome/Blink. The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h conflicts with the AudioContext class, enabling a remote attacker to trigger type confusion via JavaScript when an AudioContext listener is added, potentially causing a denial of s...

CVE-2015-1230

Removed by vendor...

CVE-2015-0821

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions...

Double free

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...

CVE-2015-0821

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions...

CVE-2015-0821

Mozilla Firefox before 36.0 is affected by CVE-2015-0821. The vulnerability allows a user-assisted remote attacker to read arbitrary files or execute arbitrary JavaScript with chrome privileges via a crafted web site that is opened with unspecified mouse/keyboard actions. The issue stems from mem...

CVE-2015-0821

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions...

Cosmoshop - XSS on Admin-Login Mask

author: l0om page: l0om.org date: 14.02.2015 Cosmoshop is a simple webshop designed for the german market. There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi This page wi...

FreeBSD : rabbitmq -- Security issues in management plugin (8469d41c-a960-11e4-b18e-bcaec55be5e5)

The RabbitMQ project reports : Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI : - When a user unqueued a message from the management UI, message details header names, arguments, etc. were displayed unescaped. An attacker coul...

Fortinet FortiOS Denial Of Service / Man-In-The-Middle

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Fortinet FortiOS Multiple Vulnerabilities Affected Versions: Verified on FortiOS Firmware v5.0,build4457 GA Patch 7 PDF:...

itBit Exchange: Stored xss in bank name withdraw

Open https://beta.itbit.com/accounts 2. Add new Bank Account with payload in name field - Bank of New York'"asdF 3. Save this account and 4. Select it as a target to withdraw As you can see in screenshot at this time there is some problem with javascript code some filtration affected but we...

CVE-2014-9648

components/navigationinterception/interceptnavigationresourcethrottle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service loss of browser...

CVE-2014-9648

Removed by vendor...