524 matches found

0day.today
added 2017/10/31 12:0 a.m., 94 views

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit

Exploit for java platform in category web applications !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program...

CVSS 6.8, AI score 8.3, EPSS 0.01939
Exploits: 6

exploitpack
added 2017/10/30 12:0 a.m., 45 views

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$...

CVSS 6.8, AI score 0.1, EPSS 0.01939
Exploits: 6

CNVD
added 2017/09/08 12:0 a.m., 2 views

Cisco ASR 5500 System Architecture Evolution Gateway Denial of Service Vulnerability

Cisco ASR 5500 System Architecture Evolution (SAE) Gateways is a gateway device from Cisco. General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler is one of the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handlers. A denial of service vulnerability exists...

CVSS 5.3, AI score 5.5, EPSS 0.00552
Exploits: 0, References: 1

0day.today
added 2017/02/24 12:0 a.m., 46 views

macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read Exploit

Google Security Research / OSX: HelpViewer XSS leads to arbitrary file execution and arbitrary file read. HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open /Applications/Safari.app/Contents/Resources/Safari.help...

CVSS 4.3, AI score 7.1, EPSS 0.06176
Exploits: 2

exploitpack
added 2017/02/23 12:0 a.m., 23 views

Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution Arbitrary File Read

Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution Arbitrary File Read / OSX: HelpViewer XSS leads to arbitrary file execution and arbitrary file read. HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open...

AI score 0.8
Exploits: 0

seebug.org
added 2017/02/23 12:0 a.m., 58 views

macOS HelpViewer XSS leads to arbitrary file execution and arbitrary file read (CVE-2017-2361)

HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open /Applications/Safari.app/Contents/Resources/Safari.help or using "help:" scheme: help:openbook=com.apple.safari.help...

CVSS 4.3, AI score 6.9, EPSS 0.06176
Exploits: 2

Zero Day Initiative
added 2016/09/21 12:0 a.m., 22 views

(0Day) Google Chrome Protocol Handler Logic Error Restrictions Bypass Vulnerability

This vulnerability allows remote attackers to bypass restrictions on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of URIs...

CVSS 6.8, AI score 6.4
Exploits: 0

Tenable Nessus
added 2016/02/03 12:0 a.m., 44 views

openSUSE Security Update : the MozillaFirefox / mozilla-nss and mozilla-nspr (openSUSE-2016-128)

This update to MozillaFirefox fixes several security issues and bugs. Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21 Mozilla NSPR was updated to 4.11. The following vulnerabilities were fixed : - CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards boo963633 -...

CVSS 10, AI score 7.3, EPSS 0.03529
Exploits: 0, References: 23

Tenable Nessus
added 2016/02/03 12:0 a.m., 55 views

openSUSE Security Update : Mozilla Firefox (openSUSE-2016-131)

This update fixes the following security related issues by updating packages to a more recent version : Update of NSPR to 4.11 Update of NSS to 3.21 Update of Firefox to 44.0 - MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous memory safety hazards - MFSA 2016-02/CVE-2016-1933 bmo1231761 Out...

CVSS 10, AI score 7.2, EPSS 0.03529
Exploits: 0, References: 14

CNVD
added 2016/02/02 12:0 a.m., 1 views

Unspecified vulnerability in Mozilla Firefox protocol-handler dialog box

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the protocol-handler dialog box in Mozilla Firefox versions prior to 44.0. The vulnerability can be exploited by remote attackers to conduct clickjacking...

CVSS 6.1, AI score 8.8, EPSS 0.00353
Exploits: 0, References: 1

OSV
added 2016/01/31 6:59 p.m., 1 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS 6.1, AI score 7.2
Exploits: 0, References: 9

NVD
added 2016/01/31 6:59 p.m., 15 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS 6.1, AI score 7.4, EPSS 0.00353
Exploits: 0, References: 9

Prion
added 2016/01/31 6:59 p.m., 11 views

Design/Logic Flaw

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS 4.3, AI score 6.7, EPSS 0.00353
Exploits: 0, References: 9, Affected Software: 3

Cvelist
added 2016/01/31 6:0 p.m., 23 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

AI score 7.3, EPSS 0.00353
Exploits: 0, References: 9

CVE
added 2016/01/31 6:0 p.m., 116 views

CVE-2016-1937

The CVE-2016-1937 issue concerns Firefox’s protocol-handler dialog, where a crafted page could trigger a single-click action intended as a double-click. OpenSUSE advisories document the fix as part of Mozilla Firefox updates to version 44.0 (on GA media), with NSS updated to 3.21 and NSPR to 4.11...

CVSS 6.1, AI score 7.1, EPSS 0.00353
Exploits: 0, References: 9, Affected Software: 1

UbuntuCve
added 2016/01/26 12:0 a.m., 20 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS 6.1, AI score 6.8, EPSS 0.00353
Exploits: 0, References: 3

OSV
added 2016/01/26 12:0 a.m., 0 views

UBUNTU-CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS 6.1, AI score 6.8, EPSS 0.00353
Exploits: 0, References: 4

Mozilla
added 2016/01/26 12:0 a.m., 37 views

Missing delay following user click events in protocol handler dialog — Mozilla

Security researcher window reported an issue where the protocol handler dialog appears, double click events are treated as two single click events. This was caused by the lack of a delay following the initial focus in the file download dialog. This could cause a second dialog to be sent the secon...

CVSS 6.1, AI score 7.5, EPSS 0.00353
Exploits: 0, References: 2, Affected Software: 1

Hacker One
added 2015/07/29 5:47 a.m., 21 views

Slack: OSX slack:// protocol handler javascript injection

The Mac Slack app version 1.1 introduced the slack:// protocol handler. Due to improper input sanitization, arbitrary Javascript code can be run in the context of the client app if the user clicks on a slack:// link on a website or email. I have confirmed this issue still exists in the 1.1.1...

AI score 7.2
Exploits: 0

Zero Day Initiative
added 2015/06/24 12:0 a.m., 13 views

(Pwn2Own) Apple OS X XSS Sandbox Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within certain URLs in the...

CVSS 7.5, AI score 7
Exploits: 0, References: 1