CVE-2016-7968
KMail since version 5.3.0 used a QWebEngine-based viewer that had JavaScript enabled. HTML mail contents were not sanitized for JavaScript, and included code was executed...
IBM Financial Transaction Manager for ACH Cross-Site Scripting Vulnerability
IBM Financial Transaction Manager (FTM) for ACH Services is a Financial Transaction Manager product from IBM (USA) used to monitor, track and report on financial payments and transactions. A cross-site scripting vulnerability exists in Financial Transaction Manager (FTM) for ACH Services...
New Relic: XSS in a newrelic.com site
Hello, I found an XSS vulnerability that could be used by an attacker to execute JavaScript in the client; for example, an attacker could steal the user's cookie, or an attacker could redirect the client to an attacker site and try to exploit vulnerabilities against the browser. Here you can...
CVE-2016-4215
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors...
Firefox browser vulnerability that allows a remote attacker to execute arbitrary JavaScript code
The Firefox vulnerability lies in improper restriction of resource: URLs. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code with the privileges of a Chrome browser, thereby circumventing access control policies. This can be achieved, for example, by usi...
Juniper SRX 240 firmware vulnerability allows an attacker to execute arbitrary JavaScript in the context of the user's browser.
The Juniper SRX 240 router software contains a vulnerability in the index.php module that allows an attacker to execute arbitrary JavaScript in the user's browser context due to insufficient filtering of special characters...
Thunderbird email client vulnerability that allows a remote attacker to execute arbitrary JavaScript code
The Thunderbird email client vulnerability lies in improper restriction of resource: URLs. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code with the privileges of a Chrome user, bypassing access policies. This can be achieved by using a...
Thunderbird email client vulnerability that allows a malicious actor to execute arbitrary code
The Mozilla Thunderbird email client contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows remote malicious actors to execute arbitrary JavaScript code with Chrome privileges, using a fragment of IDL to trigger a...
Serv-U File Server vulnerability allows a malicious attacker to execute arbitrary JavaScript code in the user's browser, replace the displayed content, or redirect traffic to a specified resource.
The Serv-U File Server vulnerability lies in insufficient checks on the parameters transmitted by clients and on the scripts used in its HTML pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user's browser, replace the displayed...
Design Vulnerability in YoMail Email Client of Shanghai Wulong Information Technology Co.
YoMail is a lightweight email client. A design vulnerability exists in the YoMail email client of Shanghai Wuji Information Technology Co. Ltd, which allows an attacker to execute JavaScript code, among other things, by sending a payload...
Slack: Open Redirect on slack.com
Hi, my report has two interesting parts here. First ====== In this report 104087 the attacker uploads an SVG file to execute JavaScript and redirect to any domain. I have found a new way to execute full HTML files on the victim machine instead of downloading them by adding a bunch of binary chars before...
Adobe Acrobat Reader DC Restriction Bypass Vulnerability (CNVD-2016-03132)
Adobe Acrobat Reader DC is a set of tools from Adobe (USA) for viewing, printing and annotating PDF files. A security vulnerability exists in Adobe Acrobat Reader DC that allows an attacker to bypass JavaScript API execution restrictions...
Google Chrome Javascript Execution Vulnerability
Google Chrome is a popular web browser. A JavaScript execution vulnerability exists in Google Chrome's default search engine handling. An attacker is able to manipulate the master_preferences file on the victim's machine...
Snapchat: XSS found on Snapchat website
Hi Snapchat Team, I've found a reflected XSS vulnerability on this page: https://www.snapchat.com/add/snapchat Example: https://www.snapchat.com/add/%22%3E%3Ch1%3EXSS%3C%2Fh1%3E Note: you should visit the page with a mobile user-agent since the server displays different information based on the...
Anti-Malware Security & Brute-Force Firewall <= 4.15.42 - XSS & CSRF
The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by an XSS & CSRF security vulnerability. PoC: an XSS vulnerability in https://wordpress.org/plugins/gotmls/ has been identified. While I scanned a site with that plugin, I had a file '".png and it was skipped, but the result...
Veris: Security Vulnerability - SMTP protection not used
Hi, I was checking your website and found an SPF record there. You should apply a strict SMTP policy to stop spoofed emails being sent from your domain. An attacker would send a fake email from [email protected] saying "Please change your password". The victim is aware of phishing attacks, but when he sees...
Xymon HTML Injection Vulnerability
Xymon is an open-source, cross-platform network monitoring application. The operational status of each server can be viewed through its web page, and it supports email and SMS notifications. There is an HTML injection vulnerability in Xymon. This vulnerability can be...
Vulnerability in PDF editing programs such as Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs such as Adobe Reader and Adobe Reader Document Cloud, allows attackers to circumvent JavaScript restrictions.
The vulnerability in the CBBBRInvite method of the PDF editing programs Adobe Acrobat and Adobe Acrobat Document Cloud, as well as the PDF viewing programs Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control for certain functions. Exploiting this...
Vulnerability in PDF editing programs such as Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs such as Adobe Reader and Adobe Reader Document Cloud, allows attackers to circumvent JavaScript restrictions.
The vulnerability in the ANSendForBrowserReview method of the PDF editing programs Adobe Acrobat and Adobe Acrobat Document Cloud, as well as the PDF viewing programs Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control for certain functions. Exploiting...
Vulnerability in PDF editing programs such as Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs such as Adobe Reader and Adobe Reader Document Cloud, allows attackers to circumvent JavaScript restrictions.
The vulnerability in the CBSharedReviewStatusDialog method of the PDF editing programs Adobe Acrobat and Adobe Acrobat Document Cloud, as well as the PDF viewing programs Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control for certain functions...