Type confusion
An error in Hermes' algorithm for copying object properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...
SUSE CVE-2005-0231
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."...
GHSA-3FH5-Q6FG-W28Q Prototype pollution in Snowboard framework
Impact The Snowboard framework in affected versions is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. Patches This issue has been patched in https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1 for 1.2 and...
UglifyJS Security Vulnerability
UglifyJS is a JavaScript parser, compressor, cruncher and beautification toolkit by individual developer mishoo. A security vulnerability exists in UglifyJS version 3.13.2, which stems from the susceptibility of ast.js' DEFNODE function to prototype pollution...
Persistent Cross Site Scripting - LayoutEditor Module - Settings
Description: The application uses Purifier to avoid Cross Site Scripting attacks. However, in the LayoutEditor module from Settings, the type of the fieldModel-label parameter is "Text" but it is not validated, and it is used directly without any encoding or validation in LayoutEditor/EditField.tpl. It...
CVE-2022-31180 Insufficient escaping of whitespace in shescape
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...
Cross site scripting
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" versions 6.0.18 and 5.1.25 is prone to stored XSS, which allows an attacker to inject malicious JavaScript code...
Foxit PDF Reader Remote Code Execution Vulnerability (CNVD-2021-59168)
Foxit PDF Reader is a PDF reader. Foxit PDF Reader has a security vulnerability in its JavaScript handling, which can be exploited by attackers to execute arbitrary code...
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC
The Mozilla Foundation Security Advisory describes this flaw as: Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash...
Prototype Pollution
Overview: grpc is a gRPC Library for Node. Affected versions of this package are vulnerable to Prototype Pollution via loadPackageDefinition. POC: const { loadPackageDefinition } = require('grpc'); loadPackageDefinition({'__proto__.polluted': true}); console.log(polluted); Details: Prototype Pollution is a...
Prototype Pollution
Overview: bodymen is a Body parser middleware for MongoDB, Express and Nodejs. Affected versions of this package are vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. PoC by JHU System Security La...
Cisco SPA100 Series Analog Telephone Adapters CVE-2019-12702 Cross Site Scripting Vulnerability
Description: Cisco SPA100 Series Analog Telephone Adapters are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
SUSE-SU-2019:1458-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 60.7.0. Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut. These security issues were fixed: MFSA 2019-15 (bsc#1135824): CVE-2019-9815: Disable hyperthreadi...
Magento CMS Multiple Security Vulnerabilities
Description: Magento CMS is prone to the following security vulnerabilities: 1. Multiple HTML-injection vulnerabilities 2. Multiple remote code execution vulnerabilities 3. Multiple cross-site scripting vulnerabilities 4. An information-disclosure vulnerability 5. An authorization-bypass...
A week in security (August 6 – August 12)
Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime. Other news: Discovered at Black Hat: WhatsApp "message manipulation" Source: T...
For Youtube advanced Flash vulnerability bug research-vulnerability warning-the black bar safety net
A, media Flash is still a lively intimidating origin. In 2017, I separately submitted Flash flaws to Facebook, Youtube, WordPress, Yahoo, Paypal and Stripe. In the past 3 years, I have submitted over 50 Flash flaws to bounty programs and received over 80k dollars in awards. Since Spirit i...
Tor: Simple CSS line-height identifies platform
There are lots of ways to identify the Tor Browser. User-Agent string, limited time resolution, no media, etc. Assume you know it is the Tor Browser. Can you tell what platform? NOTE: This assumption is well within the scope of the Tor Browser. The Tor Browser does not hide the fact that it is th...
WebKit JSC Intl.getCanonicalLocales Heap Buffer Overflow
WebKit: JSC: heap buffer overflow in Intl.getCanonicalLocales (CVE-2017-6984). Here's tryCreateArrayButterfly, which is invoked from intlObjectFuncGetCanonicalLocales to create a JSArray object. inline Butterfly* tryCreateArrayButterfly(VM& vm, JSCell* intendedOwner, unsigned initialLength) { Butterfly...
ATCOM PBX IP01 / IP08 / IP4 / IP2G4A - Authentication Bypass
Title: ATCOM PBX system, auth bypass exploit Author: i-Hmx contact : [email protected] Home : sec4ever.com Tested on : ATCOM IP01, IP08, IP4G and ip2G4A Details: The mentioned system is affected by an auth bypass flaw that allows an attacker to get admin access on the vulnerable machine without...
Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object...