667 matches found
SUSE-SU-2021:0246-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR MFSA 2021-04, bsc1181414 CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests CVE-2021-23954: Fixed a type confusion when using logical assignment operators in...
Wing FTP Cross-Site Scripting Vulnerability
Wing FTP Server is a cross-platform FTP server software. A cross-site scripting vulnerability exists in Wing FTP version 6.4.4, where an arbitrary IFRAME element can be included in a help page via a specially crafted link, which can be exploited by an attacker to execute sandbox arbitrary HTML an...
PT-2020-18228 · Ibm · Ibm Content Navigator +1
Name of the Vulnerable Software and Affected Versions: IBM FileNet Content Manager and IBM Content Navigator version 3.0.CD Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...
Prototype Pollution
Overview Affected versions of this package are vulnerable to Prototype Pollution. The vulnerability is in the extend function. PoC const decal = require'decal'; console.log'Before:', .polluted; const o = JSON.parse'"proto":"polluted":"1"'; decal.extend, true, o; console.log'After:', .polluted;...
Stripo Inc: Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo
Summary: Can you imagine discovering an API key disclosure vulnerability in a disclosed API key disclosure report? The same thing is what I came across while going through the disclosed reports at Stripo Inc. Plus, the disclosed API key isn't even revoked, and therefore I am still able to use the...
U.S. Dept Of Defense: hardcoded password stored in javascript of https://████.mil
Summary: I have discovered a cleartext password stored within a javascript. This password allows me to authentication to https://█████.mil. Description: I have discovered a cleartext password stored within a javascript. This password allows me to authentication to https://███████.mil. To confirm...
Prototype Pollution
Overview doc-path is an A document path library for Node Affected versions of this package are vulnerable to Prototype Pollution. PoC javascript const path = require'doc-path'; let obj = ; console.log"Before : " + obj.polluted; path.setPath, 'proto.polluted', "yes"; console.log"After : " +...
0x0.icu.anima (=0.1.0), 1.1.0 (=1.0.0) +15467 more potentially affected by CVE-2020-7660 via serialize-javascript (>=1.0.0 <=3.0.0)
serialize-javascript NPM version =1.0.0, =6.2.0, =0.1.0, =0.0.1, =2.0.0, =0.1.0, =1.0.1, =0.1.0, =0.24.0, =0.29.0 and more Source cves: CVE-2020-7660 Source advisory: OSV:GHSA-HXCC-F52P-WC94...
Mail.ru: XSS on https://deti.mail.ru/
deti.mail.ru allowed to insert javascript: links into post content leading to self XSS possibility on message editing...
CVE-2019-4301
BigFix Self-Service Application SSA is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to bypass security restrictions.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to data processing errors. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions remotely...
CVE-2019-10798
rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype...
CVE-2020-6382
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2020-6395
Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Security Bulletin: JavaScript vulnerability affects IBM Sterling B2B Integrator (CVE-2008-7220)
Summary An unspecified error in the Prototype JavaScript framework prototype.js, as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certa...
DEBIAN-CVE-2019-13730
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2019-13735
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
UBUNTU-CVE-2019-13728
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2019-5825
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2019-5866
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...