655 matches found
04_nodeblog (=1.0.0), 08cms (=1.0.0) +17235 more potentially affected by CVE-2015-8858 via uglify-js (>=0.0.1 <=2.5.0)
uglify-js NPM version =0.0.1, =0.3.0, =0.0.1, =1.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0-alpha - 3vot-clay =2.0.1 and more Source cves: CVE-2015-8858 Source advisory: OSV:GHSA-C9F4-XJ24-8JQX...
duplicazionecdrom.it XSS vulnerability
Open Bug Bounty ID: OBB-359803 Description| Value ---|--- Affected Website:| duplicazionecdrom.it Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Mapbox.js cross-site scripting vulnerability (CNVD-2017-27716)
Mapbox.js is a U.S. Mapbox company's open source for rapid development of interactive map library . A cross-site scripting vulnerability exists in Mapbox.js version 1.x before 1.6.6 and version 2.x before 2.2.4. A remote attacker can exploit this vulnerability to inject scripted content into the...
Apple Safari 10.0.3(12602.4.8) WebKit - HTMLObjectElement::updateWidget Universal Cross-Site Scripting
Apple Safari 10.0.312602.4.8 WebKit - HTMLObjectElement::updateWidget Universal Cross-Site Scripting url; ... if !allowedToLoadFrameURLurl return; ... bool beforeLoadAllowedLoad = guardedDispatchBeforeLoadEventurl; ... bool success = beforeLoadAllowedLoad && hasValidClassId; if success success =...
Ember.js Cross-Site Scripting Vulnerability
Tilde Ember.js is the United States Tilde company's set of JavaScript framework for creating Web applications . A cross-site scripting vulnerability exists in Ember.js. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
W3C High Resolution Time API AnC Attack Vulnerability
The W3C High Resolution Time API is a set of JavaScript interfaces for providing web applications with a sub-millisecond resolution of the current time format. A security vulnerability exists in the W3C High Resolution Time API. The vulnerability can be exploited by an attacker with specially...
UBUNTU-CVE-2016-9904
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox 50.1, Firefox...
Cross-Site Scripting (XSS)
django-allauth is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript via the facebook and persona providers because the fields do not escape javascript...
Sagem Fast 3304-V2 Credential Disclosure
Exploit title: FAST3304v2 Credentials Disclosure vulnerability Author: Nassim Asrir Author Company: HenceForth Author Email: [email protected] Discovered on: 13/11/2016 Tested on: Linux x8664 / Mozilla Firefox 49. Tested Version: Sagem Fast 3304-V2 other versions may also be affected Vendor:...
degroenepulk.nl XSS vulnerability
Open Bug Bounty ID: OBB-186731 Description| Value ---|--- Affected Website:| degroenepulk.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Imperial Website Management System Cross-Site Scripting Vulnerability
Empire website management system is based on B / S structure, and powerful and Empire CMS-logo easy to use website management system. This system is independently developed by the Imperial Development Working Group, is a well-designed for Linux/windows/Unix and other environments for efficient...
SUSE-SU-2016:1258-1 Security update for MozillaFirefox
This update to MozillaFirefox 38.8.0 ESR fixes the following issues bsc977333: - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 bsc977374 - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 bsc977376 - CVE-2016-2814: Buffer overflow in libstagefright with CENC...
firefox: multiple issues
CVE-2016-2804: Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes that are fixed in Firefox 46. - CVE-2016-2805: Christian Holler reported a memory safety problem that is fixed in Firefox ESR 38.8. - CVE-2016-2806: Gary Kwong,...
PT-2016-1677 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 9 through 11 Description: The issue is related to the improper handling of JavaScript, which can lead to information disclosure. An attacker could exploit this to determine the existence of files using...
CVE-2016-1646
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...
Veris: www.veris.in DOM based XSS
Hi, An attacked can execute arbitrary js at your main page https://www.veris.in/? vulnerable js source: https://www.veris.in/wp-content/plugins/UltimateVCAddons/assets/min-js/ultimate.min.js?ver=7e111f63322706ef9e00ec1e58f2edf4...
DEBIAN-CVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service uncaughtException and service outage via a pipelined HTTP request...
CVE-2015-7204
CVE-2015-7204 affects Mozilla Firefox before 43.0. The issue is due to how Firefox stores properties of unboxed objects, which can allow a remote attacker to execute arbitrary code via crafted JavaScript variable assignments. The vulnerability is linked to Firefox’s memory handling and has been a...
Important: Red Hat Security Advisory: Red Hat JBoss A-MQ 6.2.1 update
Red Hat JBoss A-MQ 6.2.1, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...
CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have...