Lucene search

88 matches found

Prion
added 2022/07/18 7:15 p.m., 12 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.4, AI score 7.7, EPSS 0.02012
Exploits: 0, References: 2, Affected Software: 2

OSV
added 2022/05/24 4:49 p.m., 3 views

GHSA-2RM7-XXX8-35JH MediaWiki Cross-site Scripting (XSS)

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVSS 6.1, AI score 5.9, EPSS 0.00352
Exploits: 0, References: 7

Prion
added 2022/05/12 12:15 p.m., 18 views

Design/Logic Flaw

A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit JavaScript window.open functionality in SAFE Browser, which could lead to address bar spoofing attacks...

CVSS 4.3, AI score 4.7, EPSS 0.00328
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2022/05/07 12:0 a.m., 24 views

F5 BIG-IP cross-site scripting vulnerability in multiple products

F5 BIG-IP and F5 BIG-IP Guided Configuration (GC) are both products of F5, Inc. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP Guided Configuration is a configuration template. cross-site...

CVSS 6.8, AI score 1.8, EPSS 0.00312
Exploits: 0, References: 1

CNVD
added 2021/06/03 12:0 a.m., 3 views

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability

IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

CVSS 5.4, AI score 5.8, EPSS 0.00208
Exploits: 0, References: 1

CNVD
added 2021/04/27 12:0 a.m., 7 views

Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2021-35619)

Sonatype Nexus Repository Manager (NXRM) is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A cross-site scripting vulnerability exists in Nexus Repository Manager version 3.x prior to 3.30.1, which can be exploited by an attacker...

CVSS 6.1, AI score 6.1, EPSS 0.00275
Exploits: 0, References: 1

ThreatPost
added 2021/03/16 2:1 p.m., 292 views

Google Releases Spectre PoC Exploit For Chrome

Google has released proof-of-concept (PoC) exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites. Three years after the Spectre attack was first disclosed, researchers with Google have now released a demonstration website that leverages the attack,...

CVSS 4.7, AI score 6.8, EPSS 0.9427
Exploits: 12, References: 9

CNVD
added 2020/11/05 12:0 a.m., 5 views

HCL Notes Cross-Site Scripting Vulnerability

HCL Notes is a local email client from HCL India. HCL Notes suffers from a cross-site scripting vulnerability that stems from a lack of proper validation of client data by the WEB application. An attacker can exploit the vulnerability to run JavaScript code in the context of a website...

CVSS 6.1, AI score 5.9, EPSS 0.00322
Exploits: 0, References: 1

RedHat Linux
added 2019/05/13 5:3 a.m., 3 views

Mozilla: Type-confusion in IonMonkey JIT compiler

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8, AI score 7.3, EPSS 0.00927
Exploits: 0, References: 5

Cvelist
added 2018/07/31 8:0 p.m., 19 views

CVE-2018-14279

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

AI score 8.8, EPSS 0.0025
Exploits: 0, References: 2

Cvelist
added 2018/07/31 8:0 p.m., 15 views

CVE-2018-14256

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

AI score 8.8, EPSS 0.0025
Exploits: 0, References: 2

myhack58
added 2018/06/01 12:0 a.m., 1122 views

CVE-2018-4990 Adobe Reader code execution exploit analysis-exploit warning-the black bar safety net

On May 15, 2018, ESET released the article “A tale of two zero-days”, which disclosed a PDF document, used for attack testing, that ESET captured in March of this year on the malware scanning engine VirusTotal. The PDF sample contains two 0-day vulnerabilities,...

AI score 0.8, EPSS 0.94157
Exploits: 18

EUVD
added 2016/06/16 1:0 a.m., 1 view

EUVD-2016-4251

The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."...

CVSS 6.1, AI score 6.3, EPSS 0.22386
Exploits: 0, References: 3

Vulnrichment
added 2015/08/08 12:0 a.m., 4 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

AI score 7.1, EPSS 0.71568
Exploits: 8, References: 17

GoogleProjectZero
added 2015/06/15 12:0 a.m., 10 views

Dude, where’s my heap?

Guest posted by Ivan Fratric, spraying 1TB of memory

The ability to place controlled content to a predictable location in memory can be an important primitive in exploitation of memory corruption vulnerabilities. A technique that is commonly used to this end in browser exploitation is heap...

AI score 6.8
Exploits: 0

EUVD
added 2013/12/11 3:0 p.m., 1 view

EUVD-2013-6473

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements...

CVSS 10, AI score 8.2, EPSS 0.10399
Exploits: 2, References: 27

Packet Storm
added 2011/12/13 12:0 a.m., 38 views

ClickIt Proof Of Concept

X-Frame-Options is worth less than you think var w; var dummy; var it; // Precache stuff. x = new Image; x.src = 'http://banking.beaver-peak.us/bankinginterface/transfers/'; x2 = new Image; x2.src = 'http://banking.beaver-peak.us/bankinginterface/transfers/beaver-peak.jpg'; x3 = new Image; x3.src...

AI score 7.4
Exploits: 0

The Hacker News
added 2011/07/28 8:24 p.m., 4 views

ICQ vulnerable to account theft using JavaScripts

In security advisories for ICQ https://noptrix.net/advisories/icqclixss.txt and the ICQ web site https://noptrix.net/advisories/icqwebxss.txt, security researcher Levent Kayan warns that both the ICQ instant messenger for Windows and the ICQ web si...

AI score 7.3
Exploits: 0

NVD
added 2005/01/10 5:0 a.m., 14 views

CVE-2004-1201

Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

CVSS 5, AI score 6.9, EPSS 0.01775
Exploits: 1, References: 4

NVD
added 2004/02/03 5:0 a.m., 16 views

CVE-2003-0816

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using...

CVSS 7.5, AI score 6.5, EPSS 0.67219
Exploits: 0, References: 30