Lucene search

3107 matches found

Debian CVE
added 2014/04/09 10:0 a.m. | 18 views

CVE-2014-1717

Removed by vendor...

7.5 CVSS | 9.4 AI score | 0.01102 EPSS
Exploits 0

Packet Storm
added 2014/04/09 12:0 a.m. | 25 views

Sagem Fast 3304-V2 Authentication Bypass

Title : Sagem F@st 3304-V2 Authentification Bypass Vendor : http://www.sagemcom.com Severity : High Tested on : Firefox, Google Chrome, Internet Explorer Tested Router : Sagem F@st 3304-V2 3304, 3464, 3504 may also be affected Date : 2014-09-04 Author : Yassine Aboukir Contact : [email protected]...

0.4 AI score
Exploits 0

ThreatPost
added 2014/03/28 12:27 p.m. | 11 views

Apple ID Phishing Scam Steals Credentials, Credit Cards

A new email phishing scam is making use of a realistic-looking Apple login page in order to pilfer Apple ID usernames and passwords before moving on to steal user credit card information. According to SANS Internet Storm Center forums member, Craig Cox, this phishing scam is particularly...

6.4 AI score
Exploits 0 | References 4

Tenable Nessus
added 2014/03/14 12:0 a.m. | 38 views

Mandriva Linux Security Advisory : otrs (MDVSA-2014:054)

Updated otrs package fixes security vulnerability: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed (CVE-2014-1695).

4.3 CVSS | 7.2 AI score | 0.03629 EPSS
Exploits 5 | References 2

Prion
added 2014/03/03 4:50 a.m. | 18 views

Design/Logic Flaw

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

6.8 CVSS | 7.6 AI score | 0.76381 EPSS
Exploits 12 | References 8 | Affected Software 1

UbuntuCve
added 2014/03/03 4:50 a.m. | 24 views

CVE-2014-1887

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...

4.3 CVSS | 6.1 AI score | 0.00455 EPSS
Exploits 2 | References 2

CVE
added 2014/03/03 2:0 a.m. | 38 views

CVE-2014-1887

The CVE concerns the DrinkedIn BarFinder Android app when used with Adobe PhoneGap 2.9.0 or earlier. The underlying issue allows a remote attacker to execute arbitrary JavaScript by exploiting control over certain adult sites (e.g., freelifetimecheating.com and www.babesroulette.com), which in tu...

4.3 CVSS | 7.5 AI score | 0.00455 EPSS
Exploits 2 | References 3 | Affected Software 1

CVE
added 2014/03/03 2:0 a.m. | 111 views

CVE-2012-6636

CVE-2012-6636 corresponds to an Android WebView issue where WebView.addJavascriptInterface is not properly restricted, allowing crafted JavaScript to invoke Java object methods via Reflection and potentially achieve remote code execution on apps targeting API level 16 or earlier. Connected docs s...

6.8 CVSS | 7.5 AI score | 0.76338 EPSS
Exploits 8 | References 8 | Affected Software 1

FreeBSD
added 2014/02/25 12:0 a.m. | 28 views

otrs -- XSS Issue

The OTRS Project reports: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed...

4.3 CVSS | 8.5 AI score | 0.03629 EPSS
Exploits 5 | References 1

UbuntuCve
added 2014/02/24 4:48 a.m. | 26 views

CVE-2013-6658

Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) running JavaScript code during execution of the...

7.5 CVSS | 7.5 AI score | 0.01485 EPSS
Exploits 1 | References 4

ATTACKERKB
added 2014/02/14 12:0 a.m. | 105 views

CVE-2014-0322

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. Recent...

9.3 CVSS | 8.3 AI score | 0.92968 EPSS
In wild | Exploits 35 | References 13

Packet Storm
added 2014/02/14 12:0 a.m. | 29 views

WordPress Buddypress 1.9.1 Cross Site Scripting

Vulnerability: Wordpress plugin Buddypress = 1.9.1 stored xss Date: 13/02/2014 Author: Pietro Oliva Vendor Homepage: http://buddypress.org Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip Version: 1.9.1 CVE : CVE-2014-1888 Responsibly disclosed and patched in version 1.9....

4.3 CVSS | 6.5 AI score | 0.00369 EPSS
Exploits 3

Packet Storm
added 2014/02/05 12:0 a.m. | 52 views

i-doit Pro 1.2.4 Cross Site Scripting

COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2014-1237 CSNC ID: CSNC-2014-002 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...

4.3 CVSS | 6.8 AI score | 0.00698 EPSS
Exploits 1

Packet Storm
added 2014/01/07 12:0 a.m. | 29 views

GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting

Author Information Author : Ahmed Elhady Mohamed Website : http://1nfosec4all.blogspot.com/ twitter : @kingasmk facebook :https://www.facebook.com/groups/ITsec4all/ Software Information Affected Software : GetSimple CMS 3.2.3, 3.1.2 Software website : http://get-simple.info/ CVE Reference :...

4.3 CVSS | 0.2 AI score | 0.00254 EPSS
Exploits 2

seebug.org
added 2014/01/05 12:0 a.m. | 129 views

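YXcmsApp: XSS at a certain point leads to getshell

Brief description: XSS into the admin backend leading to getshell, a one-stop service, though of somewhat limited use. Details: YXCMS is an enterprise-oriented content management system that uses three-level caching and an MVC architecture, and is open-sourced under the BSD license. After registering a user, go to the user management page and click Information Publishing - Add Inquiry; it turns out to be a rich text editor, kindeditor. Whatever the editor is, once a user has been given this much privilege, XSS easily appears in this situation. Enter anything at all, capture the request, modify the content field, and write your XSS code, anything will do. Done. The administrator can see the article I submitted in the backend: Then editing it triggers the XSS:...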

7.2 AI score
Exploits 0

UbuntuCve
added 2013/12/11 12:0 a.m. | 25 views

CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements...

10 CVSS | 7.3 AI score | 0.13815 EPSS
Exploits 2 | References 4

Packet Storm
added 2013/12/09 12:0 a.m. | 95 views

osCmax e-Commerce 2.5.3 Cross Site Scripting / Shell Upload

Exploit database separated by exploit type (local, remote, DoS, etc.) Site : 1337day.com Support e-mail : submitat1337day.com I'm KedAns-Dz member from Inj3ct0r Team Title : osCmax...

4.1 CVSS | 0.1 AI score | 0.00477 EPSS
Exploits 11

Prion
added 2013/12/07 12:55 a.m. | 25 views

Out-of-bounds

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the...

7.5 CVSS | 7.6 AI score | 0.02842 EPSS
Exploits 0 | References 13 | Affected Software 2

Prion
added 2013/12/07 12:55 a.m. | 24 views

Out-of-bounds

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with...

7.5 CVSS | 6.7 AI score | 0.02718 EPSS
Exploits 0 | References 13 | Affected Software 2

UbuntuCve
added 2013/12/07 12:55 a.m. | 28 views

CVE-2013-6640

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with...

7.5 CVSS | 7 AI score | 0.02718 EPSS
Exploits 0 | References 4