655 matches found

RedHat Linux
added 2015/12/03 7:39 p.m. | 2 views

chromium-browser: Out of bounds access in v8

js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code...

7.5 CVSS | 7.5 AI score | 0.02195 EPSS
Exploits 0 | References 5

CNVD
added 2015/04/03 12:0 a.m. | 2 views

Mozilla Firefox JavaScript Arbitrary Code Execution Vulnerability

Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. An arbitrary code execution vulnerability exists in Mozilla Firefox JavaScript, which allows remote attackers to exploit the vulnerability to execute arbitrary javascript code by...

7.5 CVSS | 7.8 AI score | 0.01191 EPSS
Exploits 0 | References 1

OSV
added 2015/03/24 5:10 p.m. | 6 views

SUSE-SU-2015:0630-1 Security update for MozillaFirefox

MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-tim...

7.5 CVSS | 6.7 AI score | 0.02087 EPSS
Exploits 0 | References 4

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

CacheFlow CacheOS 3.1.x/4.0.x/4.1 Unresolved Domain Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before being included in an unresolved host...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 30 views

Virtual Hosting Control System 2.2/2.4 login.php check_login() Function Authentication Bypass

No description provided by source. source: http://www.securityfocus.com/bid/16600/info Virtual Hosting Control System VHCS is prone to multiple input and access vulnerabilities. VHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be...

7.1 AI score
Exploits 0

Vulnrichment
added 2014/02/14 4:0 p.m. | 8 views

CVE-2014-0322

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014...

8.8 AI score | 0.92968 EPSS
Exploits 23 | References 11

Vulnrichment
added 2013/10/09 2:44 p.m. | 7 views

CVE-2013-3897

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploit...

8.9 AI score | 0.88207 EPSS
Exploits 8 | References 4

Packet Storm
added 2013/08/23 12:0 a.m. | 45 views

FICOBank Information Disclosure / Cross Site Scripting

FICOBank Directory Listing Information Disclosure / Cross Site Scripting / Jquery Old Version Vulnerable Report-Timeline: ================ 23-08-2013 Advisory Response:"Our country does not have the same laws as their own and we do not consider to be security flaws the data you send us. Thank you...

7.4 AI score
Exploits 0

The Hacker News
added 2013/03/15 3:21 p.m. | 11 views

Script Execution flaw in Google drive poses security threat

Once again Google Security Team Shoot itself in the foot. Ansuman Samantaray, an Indian penetration tester discovered a small, but creative Security flaw in Google drive that poses phishing threat to million of Google users was ignored by Google Security team by replying that,"It is just a mare...

6.8 AI score
Exploits 0

0day.today
added 2012/12/06 12:0 a.m. | 17 views

NVIDIA Install Application 2.1002.85.551 Buffer Overflow Vulnerability

NVIDIA Install Application version 2.1002.85.551 NVI2.dll unicode buffer overflow proof of concept exploit. The vulnerability is caused due to a boundary error in NVI2.DLL when handling the value assigned to the 'pDirectory' string variable in the 'AddPackages' function and can be exploited to...

7.6 AI score
Exploits 0

OpenVAS
added 2012/12/04 12:0 a.m. | 33 views

Ubuntu Update for firefox USN-1638-3

Ubuntu Update for Linux kernel vulnerabilities USN-1638-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN16383.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for firefox USN-1638-3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

10 CVSS | 1 AI score | 0.04573 EPSS
Exploits 16 | References 2

Packet Storm
added 2012/12/03 12:0 a.m. | 14 views

SchoolCMS Cross Site Scripting

Title: SchoolCMS Persistant XSS. Date: 03/12/12 Author: VipVince Vendor: www.poweritschools.com Google Dork: /oldcore/cal/eventform.php Tested on: Windows. This is a Persistant XSS used in the software by many schools. About 225 results 0.21 seconds The vulnerability lies in the eventform.php fil...

Exploits 0

RedHat Linux
added 2012/07/17 6:51 p.m. | 2 views

Mozilla: JSDependentString::undepend string conversion results in memory corruption (MFSA 2012-52)

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service memory...

10 CVSS | 7.8 AI score | 0.03397 EPSS
Exploits 0 | References 4

ThreatPost
added 2012/03/23 6:46 p.m. | 14 views

iOS JavaScript Bug Can Lead to Spoofed Sites

Apple’s iOS thus far has proven to be fairly resistant to malware and some other forms of attack, but that doesn’t mean that it is completely in the clear. A new vulnerability discovered by a researcher at a German security firm enables an attacker to take advantage of some odd JavaScript behavio...

1.3 AI score
Exploits 0 | References 2

Prion
added 2012/02/24 1:55 p.m. | 10 views

Directory traversal

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php...

5 CVSS | 7.2 AI score | 0.00171 EPSS
Exploits 1 | References 5 | Affected Software 1

OpenVAS
added 2011/08/27 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-1185-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 9.8 AI score | 0.05475 EPSS
Exploits 1 | References 2

Prion
added 2011/08/18 6:55 p.m. | 19 views

Memory corruption

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary...

10 CVSS | 8.5 AI score | 0.07005 EPSS
Exploits 1 | References 7 | Affected Software 3

ThreatPost
added 2011/07/19 4:13 p.m. | 7 views

Malicious PDF Attack Baiting Defense Industry Victims

There has been a spate of spear-phishing attacks against a number of high-profile targets in the last few months, including RSA and others, and that trend is continuing unabated. Researchers have come across a fresh attack using the familiar malicious PDF attachment that appears to be targeting...

1.4 AI score
Exploits 0 | References 5

Packet Storm
added 2011/03/27 12:0 a.m. | 28 views

FengOffice 1.7.4 Cross Site Scripting

------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in FengOffice 1.7.4 can be exploited to execute arbitrary JavaScript. --PoC-- alert0" / alert0" /...

7.4 AI score
Exploits 0

Exploit DB
added 2011/01/30 12:0 a.m. | 43 views

Maxthon Browser 3.0.20.1000 - ref / replace Denial of Service

Exploit Title: Maxthon Browser v3.0.20.1000 .ref .replace DOS Date: January 30 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://dl.maxthon.com/mx3/mx3.0.20.3000.exe Version: v3.0.20.1000 Tested on: Windows xp sp3 ,windows 7 ,linux running on VMware Fusion 3.1 and VirtualBox 3.2.8...

7.4 AI score
Exploits 0