24 matches found
EUVD-2014-0381
Malware in sbrugna...
EUVD-2025-6548
Malicious code in bioql PyPI...
CVE-2024-26129
PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4...
CVE-2025-30143
Rule 3000216 before version 2 in Akamai App & API Protector with Akamai ASE before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties...
CVE-2025-30143
Rule 3000216 before version 2 in Akamai App & API Protector with Akamai ASE before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties...
CVE-2025-30143
Rule 3000216 before version 2 in Akamai App & API Protector with Akamai ASE before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties...
Akamai ASE 安全漏洞
Akamai ASE is an adaptive security engine from Akamai. A security vulnerability exists in Akamai ASE versions prior to 2024-12-10, which stems from Rule 3000216 not properly handling JavaScript variable assignments...
Email Encoder < 2.1.2 - Reflected Cross Site Scripting
The plugin has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. The vulnerable function is nonce protected, the nonce can be found in the site's HTML source by searching for the javascript variable...
Mozilla Firefox Denial of Service Vulnerability (CNVD-2021-07542)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability previously existed in Mozilla Firefox version 85.0. The vulnerability stems from the fact that performing garbage collection on a redeclared JavaScript variable can lead to...
CVE-2021-23960
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability previously existed in Mozilla Firefox version 85.0. The vulnerability stems from the fact that performing garbage collection on a redeclared JavaScript variable can lead to...
Honeywell IP-Camera HICC-1100PT - Credentials Disclosure
imply go to the following url: http://host:port/cgi-bin/readfile.cgi?query=ADMINID Should return some javascript variable which contain the credentials and other configuration vars: var AdmID="admin"; var AdmPass1=“admin”; var AdmPass2=“admin”; var Language=“en”; var LogoffTime="0"; Request: GET...
Uber: Authentication Issue for easter egg on bonjour.uber.com
This probably ok, almost definitely is just informative but thought I would throw it out here anyways. : bonjour.uber.com hosts an easter egg view source and scroll down where the passcode is insecurely stored as a javascript variable. The source for the easter egg is: html //error easter egg -...
Bumble: [CRITICAL] Full account takeover using CSRF
Hi , I have found a CSRF issue that allows an attacker to link his gmail , facebook ... or any social account to the victim's account and hijack the whole account. Details: When a user tries to link a gmail account with his account , after he authorizes badoo to use his gmail account he will be...
Code injection
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2833-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2833-1 advisory. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered...
UBUNTU-CVE-2015-7204
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments...
CVE-2014-0343
The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable...
Improper access control
The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable...
CVE-2014-0343
The CVE concerns Virtual Access GW6110A routers. Affected software versions are 9.00–before 9.09.27, 9.50–before 9.50.21, and 10.00–before 10.00.21. The vulnerability allows an authenticated remote user to escalate privileges by modifying a JavaScript variable that checks user access level on the...