58 matches found
CVE-2020-7598
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "proto" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
CVE-2019-10805
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...
Foxit Reader Text removeField Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method...
CVE-2019-9816
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...
CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...
CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...
Microsoft Windows Multiple Vulnerabilities (KB4489872)
This host is missing a critical security update according to Microsoft KB4489872 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
CVE-2017-3025
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution...
The vulnerability of the Flash Player software, which allows a perpetrator to execute arbitrary code
The vulnerability of the MovieClip class in the Flash Player software platform is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by manipulating objects...
The vulnerability of WebSphere Application Server application servers allows a hacker to gain privileged access.
The vulnerability of WebSphere Application Server applications is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain privileged access by manipulating the value of the object...
Microsoft Internet Explorer isindex Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Oracle Java JPEGImageWriter Memory Corruption - Ver2 (CVE-2013-2429)
A memory corruption vulnerability has been reported in Oracle Java. The vulnerability is due to improper safeguards against object manipulation in stream writer callbacks from native code in com. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
Oracle Java and JavaFX JPEGImageReader Memory Corruption - Ver2 (CVE-2013-2430)
A memory corruption vulnerability has been reported in Oracle Java and JavaFX. The vulnerability is due to improper safeguards against object manipulation. A remote attacker can exploit this vulnerability by enticing the target user to visit a specially crafted web page. Successful exploitation o...
Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2012-1098
Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...
openSUSE Security Update : seamonkey (seamonkey-3372)
This update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...
Heap overflow
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."...
5QIM 2.0.0.9 IE Crash Exploit
No description provided by source. object id="xiaonei" classid="clsid:5C56F4A7-71FC-4FFD-A9D7-18FB87A9DFC6" style="display:none;"/object script function crash var buff = ''; fori=0;i=5000;i++ buff+="AAAAAAAAAA"; object = document.getElementById"xiaonei"; object.Start5QIMWithItv'test','test',buff;...