Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep the GC roots the vectors representing the JS stack as well as a few other hardcoded objects, traversing reachable...

WebKit FrameLoader::clear Variable Theft

WebKit: Stealing variables via page navigation in FrameLoader::clear CVE-2017-2515 void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; mneedsClear = false; if...

WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation

pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; window.onclick = =...

Pi Engine Cross-Site Scripting Vulnerability

PI Engine is an open-source CMS system that is more widely used within some Internet companies. A cross-site scripting vulnerability exists in PI Engine, which stems from the program failing to properly validate user-supplied input. When an unsuspecting user browses the affected site, an attacker...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10726)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10722)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-08125)

IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Curam Social Program Management suffers from a cross-site scripting vulnerability that originates from the program faili...

NetComm NB16WV-02 HTML Injection Vulnerability

The NetComm NB16WV-02 is a router product from NetComm Australia. The NetComm NB16WV-02 suffers from an HTML injection vulnerability that originates when a program fails to properly validate user-supplied input. When an unknowing user browses the affected site, an attacker could exploit the...

SAP Enterprise Portal Cross-Site Scripting Vulnerability

SAP Enterprise Portal is a set of enterprise portal based on NetWeaver system platform developed by SAP, which contains content management, single sign-on, knowledge management, collaborative work, full-text search and other modules. A cross-site scripting vulnerability exists in SAP Enterprise...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10727)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10725)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10723)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Multiple vulnerabilities in FortiPortal

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Pivotal RabbitMQ Product Cross-Site Scripting Vulnerability

Pivotal RabbitMQ and RabbitMQ for PCF are both products of the American company Pivotal Software. The former is a set of open source message broker software that implements the Advanced Message Queuing Protocol AMQP, and the latter is an open source messaging server used to support data monitorin...

JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Empirical Project Monitor - eXtended The...

Simple Snort Installation: Snorter

Simple Snort Installation Tricky script which mades Snort installation simply as a script execution is. The script installs: Snort : Open Source IDS. Barnyard2 : Interpreter for Snort unified2 binary output files. PulledPork : Snort rule management. WebSnort : Web Interface for PCAP analysis...

Design/Logic Flaw

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...

CVE-2017-6250

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...

CVE-2017-6250

CVE-2017-6250 affects NVIDIA GeForce Experience, specifically the NVIDIA Web Helper.exe component. The issue permits local code execution through untrusted script execution, per the CVSS3 base metrics (High impact on confidentiality, integrity, and availability; local attack vector with low compl...

CVE-2017-6250

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...