CVE-2011-2881

CVE-2011-2881 corresponds to multiple vulnerability entries affecting Google Chrome before 14.0.835.202 . The issue stems from improper handling of Google V8 hidden objects , allowing a remote attacker to cause a denial of service via memory corruption (and possibly other impact). Public referenc...

CVE-2011-2881

Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code...

CVE-2011-2998

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via JavaScript code containing a large RegExp expression...

Integer overflow

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via JavaScript code containing a large RegExp expression...

ProjectForum XSS vulnerability

Overview ProjectForum 7.0.1.3038 and possibly previous versions, are vulnerable to cross site scripting XSS. Description CourseForum's ProjectForum software fails to sanitize all input fields. As a result, cross site scripting XSS attacks can be conducted. By default, a non-credentialed user can...

Advisory: Dolphin Browser HD Cross-Application Scripting

1 Background ============ Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, the Dolphin browser application holds sensitive information such as cookies, cache and...

ManageEngine ServiceDesk Plus <= 8.0 Build 8013 Authentication Bypass Vulnerability

ManageEngine ServiceDesk Plus is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Multiple XSS.

PMASA-2011-14 Announcement-ID: PMASA-2011-14 Date: 2011-09-14 Summary Multiple XSS. Description Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities...

Multiples Vulnerabilities in ManageEngine ServiceDesk Plus

Core Security - Corelabs Advisory 1. Advisory Information Title: Multiples Vulnerabilities in ManageEngine ServiceDesk Plus Advisory ID: CORE-2011-0506 Advisory URL: http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp Date published: 2011-09-14 Date of last update:...

phpMyAdmin -- multiple XSS vulnerabilities

phpMyAdmin development team reports: Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities. Versions 3.4.0 to 3.4.4 were found vulnerable...

Joomla Simple File Lister 1.0 Directory Traversal

Exploit Title: Joomla Simple File Lister module = 1.0 Directory Traversal Vulnerability Google Dork: "Simple File Lister v1.0" "Files in directory" Date: 2011-08-28 Author: evilsocket evilsocket at gmail dot com Software Link:...

DragDropCart Cross Site Scripting

Exploit Title: DragDropCart E-Commerce System Stored XSS Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: search.php yaxaluser.php Example: search.php?search= Exploit: "/...

Code injection

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

CVE-2011-2984

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

Nuclear-Blog v4. 0 message Board XSS vulnerability-vulnerability warning-the black bar safety net

In fact, this vulnerability, at the time the release of the Nuclear-Blog v4. 0 Source Code the day it was discovered, found that people are t00ls a core, and then I directly up, but the network disk download is still not up, so the current market for all Nuclear-Blog v4. 0 are the presence of thi...

Apache Archiva 1.3.4 Cross Site Scripting

Hi, This is regarding multiple XSS Cross Site Scripting Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document Project: Apache Archiva Severity: High Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploit...

HTB22979: Multiple XSS &#40;Cross Site Scripting&#41; vulnerabilities in Argyle Social

Vulnerability ID: HTB22979 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinargylesocial.html Product: Argyle Social Vendor: Argyle Social http://argylesocial.com/ Vulnerable Version: Current at 26/04/2011 Vendor Notification: 28 April 2011 Vulnerability...

Classmates XSS cross-site vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability description: Classmates 1.1.1 design flaws, leading toXSScross-site vulnerability; user can be in a vulnerable application to execute arbitrary JavaScript code. Since the vulnerability exists in“/themes/default/header.inc.php“script is not properly sanitized of user-supplied input t...

PHP Directory Listing Script 3.1 Cross Site Scripting

Vulnerability ID: HTB22968 Reference: http://www.htbridge.ch/advisory/xssinphpdirectorylistingscript.html Product: PHP Directory Listing Script Vendor: http://www.evoluted.net http://www.evoluted.net Vulnerable Version: 3.1 Vendor Notification: 21 April 2011 Vulnerability Type: XSS Cross Site...

SelectaPix Image Gallery 1.4.1 Cross Site Scripting

Vulnerability ID: HTB22964 Reference: http://www.htbridge.ch/advisory/xssinselectapiximagegallery.html Product: SelectaPix Image Gallery Vendor: http://www.outofthetrees.co.uk/ http://www.outofthetrees.co.uk/ Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011 Vulnerability Type: XSS Cro...