Session Hijacking, Cookie-Stealing WordPress Malware Spotted
Researchers have identified a strain of cookie-stealing malware, injected into a legitimate JavaScript file, that masquerades as a WordPress core domain. Cesar Anjos, a security analyst at Sucuri, a firm that specializes in WordPress security, came across the malware during an incident response...
Artifex Software MuJS Integer Overflow Vulnerability (CNVD-2017-01667)
Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, designed to be embedded in other software to provide script execution capabilities. Artifex Software MuJS 8f62ea10a0af68e56d5c00720523ebcba13c2e6a A security vulnerability exists in previous versions of...
CVE-2016-9642
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file...
CVE-2016-9642
CVE-2016-9642 affects WebKit's JavaScriptCore in WebKitGTK+ (versions before 2.16.0) and WebKit/WebKitGTK+ deployments. The root cause is an out-of-bounds heap read triggered by a crafted Javascript file, leading to a denial of service. Public advisories (e.g., ASA-201704-9 for Ar...
CVE-2016-9642
Removed by vendor...
UBUNTU-CVE-2016-9642
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file...
CVE-2017-5628
An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file...
CVE-2017-5627
An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsRsetproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the jspushstring function in jsrun.c when parsing a specially crafted JS...
CVE-2016-9017
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsCdumpfunction function in the jsdump.c...
SUSE SLED12 / SLES12 Security Update : ctags (SUSE-SU-2016:2097-1)
This update for ctags fixes the following issues: - CVE-2014-7204: Potential denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. (bsc#899486) - Missing Requires(post) on coreutils as it is using rm(1). (bsc#976920) Note that Tenable Network Security has extracted th...
MediaWiki cross-site scripting vulnerability (CNVD-2015-02415)
MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a custom JavaScript file...
DEBIAN-CVE-2015-2938
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
CVE-2015-2938
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
Cross site scripting
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
UBUNTU-CVE-2015-2938
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
CVE-2015-2938
Summary (CVE-2015-2938): MediaWiki is affected by an XSS vulnerability in the handling of a custom JavaScript file. Affected versions are MediaWiki < 1.19.24, 1.2.x < 1.23.9, and 1.24.x
MGASA-2014-0415 Updated ctags package fixes security vulnerability
A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop (CVE-2014-7204)...