94 matches found
Mobile Menace Monday: Malicious clicker with extra maliciousness included
A new malicious clicker has emerged onto third-party app stores. Chinese in origin, the malicious app uses heavy obfuscation and poses as a battery optimizer app. We classify is as Android/Trojan.Clicker.hyj. Click to view slideshow. Hide what’s inside To obfuscate its code, Clicker.hyj uses an A...
phpMyAdmin Denial of Service Vulnerability
phpmyadmin is an online management tool for MySQL databases. A denial of service vulnerability exists in phpmyadmin versions 4.4.x, 4.6.x, and 4.0.x in loading certain JavaScript files, which can be exploited by an attacker to cause a denial of service attack...
Joyent Node.js UglifyJS Security Bypass Vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js UglifyJS allows remote attackers to alter functionality using specially crafted Javascript files, as the program fails to properly handle Non-Boolean comparisons...
rbbtext - External URLs, WebView JavaScript enabled, WebView files access vulnerabilities
HackApp vulnerability scanner discovered that application rbbtext published at the 'play' market has multiple vulnerabilities...
Joomla Joins WordPress As TeslaCrypt Ransomware Target
Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center. “The group behind the WordPress ‘admedia’ campaign is now apparently targeti...
Mandriva Linux Security Advisory : clamav (MDVSA-2015:166)
Updated clamav packages fix security vulnerabilities : ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs : Certain JavaScript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in...
DEBIAN-CVE-2011-3591
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...
MGASA-2014-0487 Updated clamav packages fix security vulnerabilities
Certain javascript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file CVE-2014-9050. ClamAV has been updated to version 0.98.5 to address these...
ClamAV < 0.98.5 Multiple Vulnerabilities
According to its version, the ClamAV clamd antivirus daemon on the remote host is prior to 0.98.5. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to using the 'clamscan -a' command to scan certain JavaScript files that could cause the applicati...
USN-2371-1 exuberant-ctags vulnerability
It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service...
WeGame Code Execution/Credential stealing Exploit
Exploit for php platform in category web applications ---------------------------------------------------------------------- 888 .d8888b. 888 d88P Y88b 888 .d88P .d8888b .d88b. 88888b.d88b. 88888b. 888 8888" 888 888 d88P" d88""88b 888 "888 "88b 888 "88b 888 "Y8b. Y8bd8P' 888 888 888 888 888 888 8...
Thunderbird 3.1 < 3.1.16 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird 3.1 is earlier than 3.1.16. Such versions are potentially affected by the following security issues : - There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an...
CVE-2008-0418
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing sessio...
Malicious Website - JavaScript Files Linked on Web Site
Binary data 4334.prm...