91 matches found
SUSE CVE-2017-5124
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page...
CVE-2023-0561
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The explo...
The vulnerability of the WKUserScript script in Mozilla Firefox’s browser loading mechanism for iOS allows a malicious user to load any file they desire.
The vulnerability of the WKUserScript script in Mozilla Firefox’s browser download function for iOS is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to download any file they desire...
CVE-2020-15661
A rogue webpage could override the injected WKUserScript used by the logins autofill; this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS 28...
CVE-2020-15046
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/configuser.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88...
CVE-2019-5012
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise the...
Chrome V8 JIT - 'AwaitedPromise' Update Bug
/ Here's a snippet of AsyncGeneratorReturn. https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-async-generator-gen.cc?rcl=bcd1365cf7fac0d7897c43b377c143aae2d22f92&l=650 Node const context = ParameterDescriptor::kContext; Node const outerpromise = LoadPromiseFromAsyncGeneratorRequestreq...
SQL Injection Vulnerability in CUID Parameter of Hikvision's In-vehicle Remote Monitoring System AddUser.php File
Hikvision vehicle remote monitoring system is a set of vehicle video networking monitoring platform software. A SQL injection vulnerability exists in the parameter CUID of the AddUser.php file in Hikvision Vehicle Remote Monitoring System. It allows attackers to exploit the vulnerability to obtai...
Apple Safari - DateTimeFormat.format Type Confusion Exploit
Exploit for multiple platform in category dos / poc var date = new DateDate.UTC2012, 11, 20, 3, 0, 0; var i = new Intl.DateTimeFormat; //printi; var q; function f //print"in f"; //printf.caller; q = f.caller; return 10; try i.formatvalueOf : f; catche //print"problem"; //printq; q.call0x77777777;...
Safari Browser: Out-of-bounds read when calling bound function (CVE-2017-2447)
There is an out-of-bounds read when reading the bound arguments array of a bound function. When Function.bind is called, the arguments to the call are transferred to an Array before they are passed to JSBoundFunction::JSBoundFunction. Since it is possible that the Array prototype has had a setter...
Apple Safari - 'DateTimeFormat.format' Type Confusion
var date = new DateDate.UTC2012, 11, 20, 3, 0, 0; var i = new Intl.DateTimeFormat; //printi; var q; function f //print"in f"; //printf.caller; q = f.caller; return 10; try i.formatvalueOf : f; catche //print"problem"; //printq; q.call0x77777777;...
Apple Safari - Out-of-Bounds Read when Calling Bound Function
var ba; function s alert"in s"; ba = this; function g alert"in g"; return...
Apple Safari - DateTimeFormat.format Type Confusion
var date = new DateDate.UTC2012, 11, 20, 3, 0, 0; var i = new Intl.DateTimeFormat; //printi; var q; function f //print"in f"; //printf.caller; q = f.caller; return 10; try i.formatvalueOf : f; catche //print"problem"; //printq; q.call0x77777777;...
Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)
1; , set: function ; function f var i = Intl; Intl = ; // this somehow prevents an exception that prevents loading di, "Collator", noobj; Objec...
Microsoft Edge - 'Array.join' Information Leak (MS16-119)
var y = 0; var t = new Array1,2,3; t.length = 100; var o = ; Object.definePropertyo, '3', get: function alert'get!'; t0 = ; var j = ; forvar i = 0; i 100; i++ ti = a : i;...
MediaWiki 1.23.x < 1.23.15 / 1.26.x < 1.26.4 / 1.27.x < 1.27.1 Multiple Vulnerabilities
According to its version number, the MediaWiki application running on the remote web server is 1.23.x prior to 1.23.15, 1.26.x prior to 1.26.4, or 1.27.x prior to 1.27.1. It is, therefore, affected by the following vulnerabilities: - An information disclosure vulnerability exists in the...
Google Chrome Content Misreference Vulnerability (CNVD-2016-05596)
Google Chrome is a web browsing tool developed by Google. A memory misreference vulnerability exists in extensions/renderer/user_script_injector.cc in the Extensions subsystem of Google Chrome prior to version 52.0.2743.82. It could allow a remote attacker to cause a denial of service...
chromium-browser: use after free in extensions
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion...
UBUNTU-CVE-2016-5136
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion...
Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability
A vulnerability in a user script supplied with Cisco Firepower 9000 devices could allow an authenticated, remote attacker to view any file on the device, even ones that should be restricted to authenticated users. The vulnerability is due to lack of input validation of the parameters passed to...