WordPress 'load-scripts.php' DoS Vulnerability - Linux

WordPress is prone to a denial of service DoS vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

FreeBSD : wordpress -- multiple issues (a2589511-d6ba-11e7-88dd-00e04c1ea73d)

wordpress developers reports : Use a properly generated hash for the newbloguser key instead of a determinate substring. Add escaping to the language attributes used on html elements. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. Remove the ability to upload...

Mobile Menace Monday: Malicious clicker with extra maliciousness included

A new malicious clicker has emerged onto third-party app stores. Chinese in origin, the malicious app uses heavy obfuscation and poses as a battery optimizer app. We classify is as Android/Trojan.Clicker.hyj. Click to view slideshow. Hide what’s inside To obfuscate its code, Clicker.hyj uses an A...

The vulnerability of Google Chrome’s browser allows a malicious actor to circumvent access restrictions.

The Google Chrome browser contains a vulnerability related to improper handling of internationalization metadata. Exploiting this vulnerability allows malicious actors to bypass access restrictions by using “type mixing” and viewing property information. The vulnerability is associated with the...

phpMyAdmin Denial of Service Vulnerability

phpmyadmin is an online management tool for MySQL databases. A denial of service vulnerability exists in phpmyadmin versions 4.4.x, 4.6.x, and 4.0.x in loading certain JavaScript files, which can be exploited by an attacker to cause a denial of service attack...

Joyent Node.js UglifyJS Security Bypass Vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js UglifyJS allows remote attackers to alter functionality using specially crafted Javascript files, as the program fails to properly handle Non-Boolean comparisons...

rbbtext - External URLs, WebView JavaScript enabled, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that application rbbtext published at the 'play' market has multiple vulnerabilities...

Joomla Joins WordPress As TeslaCrypt Ransomware Target

Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center. “The group behind the WordPress ‘admedia’ campaign is now apparently targeti...

Mandriva Linux Security Advisory : clamav (MDVSA-2015:166)

Updated clamav packages fix security vulnerabilities : ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs : Certain JavaScript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in...

DEBIAN-CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

MGASA-2014-0487 Updated clamav packages fix security vulnerabilities

Certain javascript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file CVE-2014-9050. ClamAV has been updated to version 0.98.5 to address these...

ClamAV < 0.98.5 Multiple Vulnerabilities

According to its version, the ClamAV clamd antivirus daemon on the remote host is prior to 0.98.5. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to using the 'clamscan -a' command to scan certain JavaScript files that could cause the applicati...

USN-2371-1 exuberant-ctags vulnerability

It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service...

WeGame Code Execution/Credential stealing Exploit

Exploit for php platform in category web applications ---------------------------------------------------------------------- 888 .d8888b. 888 d88P Y88b 888 .d88P .d8888b .d88b. 88888b.d88b. 88888b. 888 8888" 888 888 d88P" d88""88b 888 "888 "88b 888 "88b 888 "Y8b. Y8bd8P' 888 888 888 888 888 888 8...

Thunderbird 3.1 < 3.1.16 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 3.1 is earlier than 3.1.16. Such versions are potentially affected by the following security issues : - There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an...

CVE-2008-0418

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing sessio...

Malicious Website - JavaScript Files Linked on Web Site

Binary data 4334.prm...