USN-2185-1 firefox vulnerabilities

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an...

Fortinet FortiADC D-series contains a cross-site scripting vulnerability

Overview Fortinet FortiADC D-series 3.2.0, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiADC D-series 3.2.0, and possibly earlier versions,...

ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities

Overview ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web ParameterIt has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by server failing to...

Silex vulnerable to cross-site scripting

Overview Silex is a software to build websites. Silex contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be execute...

JP1/Integrated Management - Service Support vulnerable to cross-site scripting

Overview JP1/Integrated Management - Service Support has a cross-site scripting vulnerability, which occurs when receiving a request that contains malicious scripts when being used with JP1/Integrated Management - View. Impact An attacker can exploit this vulnerability to execute malicious script...

QNX 6.4.x / 6.5.x ifwatchd Local Root

!/bin/sh QNX 6.4.x/6.5.x ifwatchd local root exploit by cenobyte 2013 - vulnerability description: Setuid root ifwatchd watches for addresses added to or deleted from network interfaces and calls up/down scripts for them. Any user can launch ifwatchd and provide arbitrary up/down scripts...

CVE-2014-1882

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated...

Code injection

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler...

Code injection

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated...

CVE-2014-1882

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated...

CVE-2014-1881

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler...

CVE-2014-1882

Affected software: Apache Cordova 3.3.0 and earlier; Adobe PhoneGap 2.9.0 and earlier. Root cause: An event-based bridge can be bypassed via a crafted library clone that uses IFRAME script execution to directly access bridge JavaScript objects, demonstrated by cordova.require calls. Impact: Remot...

CVE-2014-1881

CVE-2014-1881 affects Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier. The vulnerability arises in an event-based bridge technique where a crafted library clone can trigger IFRAME script execution and waits for an OnJsPrompt handler return value to bypass intended device-res...

Blackboard Vista/CE vulnerable to cross-site scripting

Overview Blackboard Vista/CE is a learning management system LMS. Blackboard Vista/CE contains a cross-site scripting vulnerability. ICHIHARA Ryohei of SERAKU Co.,Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability

Overview DELL SonicWALL GMS/Analyzer/UMA version 7.1, and possibly earlier versions, contains a cross-site scripting XSS vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' DELL SonicWALL GMS/Analyzer/UMA version 7.1 contain...

FreeBSD : phpmyfaq -- multiple vulnerabilities (4dd575b8-8f82-11e3-bb11-0025905a4771)

The phpMyFAQ team reports : An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

SeaMonkey < 2.24 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.24 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477, CVE-2014-1478 - An error exists relat...

XSLT stylesheets treated as styles in Content Security Policy — Mozilla

Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy CSP is not in compliance with the specification. XSLT stylesheets must be subject to script-src directives but Mozilla's implementation of CSP treats them as styles. This could lead to...

phpmyfaq -- multiple vulnerabilities

The phpMyFAQ team reports: An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally...