667 matches found
Sagem Fast 3304-V2 Credential Disclosure
Exploit title: FAST3304v2 Credentials Disclosure vulnerability. Author: Nassim Asrir. Author Company: HenceForth. Author Email: [email protected]. Discovered on: 13/11/2016. Tested on: Linux x86_64 / Mozilla Firefox 49. Tested Version: Sagem Fast 3304-V2 (other versions may also be affected). Vendor:...
degroenepulk.nl XSS vulnerability
Open Bug Bounty ID: OBB-186731. Affected Website: degroenepulk.nl. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Imperial Website Management System Cross-Site Scripting Vulnerability
Empire website management system is a powerful and easy-to-use website management system based on a B/S structure. This system is independently developed by the Imperial Development Working Group and is well designed for Linux/Windows/Unix and other environments for efficient...
SUSE-SU-2016:1258-1 Security update for MozillaFirefox
This update to MozillaFirefox 38.8.0 ESR fixes the following issues bsc977333: - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 bsc977374 - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 bsc977376 - CVE-2016-2814: Buffer overflow in libstagefright with CENC...
firefox: multiple issues
CVE-2016-2804: Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes that are fixed in Firefox 46. - CVE-2016-2805: Christian Holler reported a memory safety problem that is fixed in Firefox ESR 38.8. - CVE-2016-2806: Gary Kwong,...
PT-2016-1677 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 9 through 11 Description: The issue is related to the improper handling of JavaScript, which can lead to information disclosure. An attacker could exploit this to determine the existence of files using...
CVE-2016-1646
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted...
Veris: www.veris.in DOM based XSS
Hi, An attacker can execute arbitrary js at your main page https://www.veris.in/? vulnerable js source: https://www.veris.in/wp-content/plugins/UltimateVCAddons/assets/min-js/ultimate.min.js?ver=7e111f63322706ef9e00ec1e58f2edf4...
DEBIAN-CVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request...
CVE-2015-7204
CVE-2015-7204 affects Mozilla Firefox before 43.0. The issue is due to how Firefox stores properties of unboxed objects, which can allow a remote attacker to execute arbitrary code via crafted JavaScript variable assignments. The vulnerability is linked to Firefox’s memory handling and has been a...
Important: Red Hat Security Advisory: Red Hat JBoss A-MQ 6.2.1 update
Red Hat JBoss A-MQ 6.2.1, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have...
chromium-browser: Out of bounds access in v8
js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code...
Mozilla Firefox JavaScript Arbitrary Code Execution Vulnerability
Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. An arbitrary code execution vulnerability exists in Mozilla Firefox JavaScript, which allows remote attackers to exploit the vulnerability to execute arbitrary javascript code by...
SUSE-SU-2015:0630-1 Security update for MozillaFirefox
MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-tim...
CacheFlow CacheOS 3.1.x/4.0.x/4.1 Unresolved Domain Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before being included in an unresolved host...
Virtual Hosting Control System 2.2/2.4 login.php check_login() Function Authentication Bypass
No description provided by source. source: http://www.securityfocus.com/bid/16600/info Virtual Hosting Control System (VHCS) is prone to multiple input and access vulnerabilities. VHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be...
CVE-2014-0322
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014...
CVE-2013-3897
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploit...
FICOBank Information Disclosure / Cross Site Scripting
FICOBank Directory Listing Information Disclosure / Cross Site Scripting / Jquery Old Version Vulnerable. Report-Timeline: 23-08-2013 Advisory Response: "Our country does not have the same laws as their own and we do not consider to be security flaws the data you send us. Thank you...