
4739 matches found

NVD
added 2014/10/08 10:55 a.m., 21 views

CVE-2014-3190

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that...

CVSS 7.5, AI score 7.2, EPSS 0.00755
Exploits 0, References 5
NVD
added 2014/10/08 10:55 a.m., 26 views

CVE-2014-3195

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive...

CVSS 5, AI score 8.2, EPSS 0.00492
Exploits 0, References 6
Prion
added 2014/10/08 10:55 a.m., 25 views

Design/Logic Flaw

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that...

CVSS 7.5, AI score 7.7, EPSS 0.00755
Exploits 0, References 5, Affected Software 5
Debian CVE
added 2014/10/08 10:0 a.m., 32 views

CVE-2014-3195

Removed by vendor...

CVSS 5, AI score 9.3, EPSS 0.00492
Exploits 0
Debian CVE
added 2014/10/08 10:0 a.m., 15 views

CVE-2014-3191

Removed by vendor...

CVSS 7.5, AI score 9.4, EPSS 0.00755
Exploits 0
Debian CVE
added 2014/10/08 10:0 a.m., 23 views

CVE-2014-3190

Removed by vendor...

CVSS 7.5, AI score 9.4, EPSS 0.00755
Exploits 0
Cvelist
added 2014/10/08 10:0 a.m., 21 views

CVE-2014-3190

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that...

AI score 7, EPSS 0.00755
Exploits 0, References 5
Cvelist
added 2014/10/08 10:0 a.m., 34 views

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree,...

AI score 7.1, EPSS 0.00755
Exploits 0, References 5
UbuntuCve
added 2014/10/08 12:0 a.m., 25 views

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree,...

CVSS 7.5, AI score 7.3, EPSS 0.00755
Exploits 0, References 5
Packet Storm
added 2014/10/07 12:0 a.m., 43 views

Nessus Web UI 2.3.3 Cross Site Scripting

Nessus Web UI 2.3.3: Stored XSS ========================================================= CVE number: CVE-2014-7280 Permalink: http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html Vendor advisory: http://www.tenable.com/security/tns-2014-08 -- Info -- Nessus is a proprietary...

CVSS 4.3, AI score 6.6, EPSS 0.06564
Exploits 6
Hacker One
added 2014/10/05 5:2 a.m., 31 views

Concrete CMS: Stored XSS in concrete5 5.7.0.4.

Hello. I found stored XSS in concrete5 5.7.0.4. If the user has file upload permission, the user can upload a file named like ".txt, and the file name is displayed without being escaped. When another user accesses the file manager page, the JavaScript code executes on page load. Regards...

AI score 6.5
Exploits 0
Prion
added 2014/10/04 10:55 a.m., 14 views

Design/Logic Flaw

The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginM...

CVSS 5, AI score 7.1, EPSS 0.00687
Exploits 6, References 4, Affected Software 1
CVE
added 2014/10/04 10:0 a.m., 41 views

CVE-2014-7278

CVE-2014-7278 affects ZyXEL SBG-3300 Security Gateway (firmware 1.00(AADY.4)C0 and earlier). The vulnerability allows remote attackers to trigger a Denial of Service by injecting JavaScript in the loginMsg used by the login page’s welcome message form, causing a persistent web-interface outage. T...

CVSS 5, AI score 6.8, EPSS 0.00687
Exploits 5, References 4, Affected Software 2
NVD
added 2014/09/26 10:55 a.m., 16 views

CVE-2014-5318

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

CVSS 5.8, AI score 6.4, EPSS 0.00227
Exploits 0, References 4
exploitpack
added 2014/08/06 12:0 a.m., 40 views

Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities

Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link:...

AI score 0.6
Exploits 0
Friends Of PHP
added 2014/07/29 11:19 a.m., 23 views

Fixed potential path traversal attack and remote code injection

This is a security release. All users MUST upgrade to this release to prevent two potential security issues: - path traversal attack - remote code injection These two security issues have been reported by Andreas Forsblom. THANKS! Below is the original report Andreas sent me: Hi William, First,...

AI score 7, EPSS 0.0078
Exploits 0, Affected Software 1
NVD
added 2014/07/23 11:12 a.m., 17 views

CVE-2014-1561

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization...

CVSS 5.8, AI score 6.5, EPSS 0.00752
Exploits 0, References 8
Prion
added 2014/07/23 11:12 a.m., 17 views

Design/Logic Flaw

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization...

CVSS 5.8, AI score 7, EPSS 0.00752
Exploits 0, References 8, Affected Software 2
seebug.org
added 2014/07/01 12:0 a.m., 12 views

php-decoda - Cross-Site Scripting In Video Tag

No description provided by source. Advisory: php-decoda: Cross-Site Scripting in Video Tags RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the PHP markup parser Decoda. This allows attackers that should be restricted to the markup supported by Decoda to specify a...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

Juniper Junos 8.5/9.0 J-Web Interface /diagnose Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). Attacker-supplie...

AI score 7.1
Exploits 0