[SECURITY] Fedora 25 Update: cloud-init-0.7.8-6.fc25

Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...

Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)

1; , set: function ; function f var i = Intl; Intl = ; // this somehow prevents an exception that prevents laoding di, "Collator", noobj; Object.defineProperty = f; var q = new Intl.NumberFormat...

EMC Replication Manager directory traversal

Directory traversal via user scripts...

[SECURITY] Fedora 16 Update: cloud-init-0.6.3-0.5.bzr532.fc16

Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...

mediawiki -- authenticated CSRF vulnerability

A MediaWiki security announcement reports: MediaWiki was found to be vulnerable to login CSRF. An attacker who controls a user account on the target wiki can force the victim to log in as the attacker, via a script on an external website. If the wiki is configured to allow user scripts, say with...

GreaseKit and Creammonkey allows execution of userscript functions

Overview GreaseKit and Creammonkey contains a vulnerability that can be exploited to execute functions for userscripts. GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit a...

Greasemonkey.txt

// Proof of concept exploits by Mark Pilgrim // 1 - Will disclose the contents of c:\boot.ini window.GMxmlhttpRequest = null; function trapGM03sPropertyName, sOldValue, sNewValue window.GMxmlhttpRequest = window.GMxmlhttpRequest; return sNewValue; function trapGM04sPropertyName, sOldValue,...