CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

CVE-2014-1590

CVE-2014-1590 affects Mozilla Firefox (before 34.0), Firefox ESR (31.x before 31.3), Thunderbird (before 31.3), and SeaMonkey (before 2.31). The issue is a denial of service caused by an error when passing a crafted JavaScript object to XMLHttpRequest.prototype.send. Remediation is to upgrade to ...

FreeBSD : mozilla -- multiple vulnerabilities (7ae61870-9dd2-4884-a2f2-f19bb5784d09)

The Mozilla Project reports : ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...

USN-2428-1 thunderbird vulnerabilities

Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service...

USN-2428-1: Thunderbird vulnerabilities

Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service...

Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

XMLHttpRequest crashes with some input streams — Mozilla

Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks...

Google FeedBurner FeedSmith 2.2 Cross-Site Request Forgery Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25921/info FeedBurner FeedSmith is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions with the application...

WordPress Contact Form plugin <= 2.7.5 - SQL Injection

No description provided by source. Exploit Title: WordPress Contact Form plugin = 2.7.5 SQL Injection Vulnerability Date: 2011-10-13 Author: Skraps jackie.craig.sparksatlive.com jackie.craig.sparksatgmail.com @skrapsfoo Software Link: http://downloads.wordpress.org/plugin/contact-form-wordpress.z...

atmail email server appliance 6.4 - Stored XSS - csrf - rce

No description provided by source. Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will...

Vivvo CMS <= 3.4 (index.php) Remote BLIND SQL Injection Exploit

No description provided by source. html head titleVivvo CMS = 3.4 index.php Remote BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: Vivvo CMS = 3.4 index.php Remote BLIN...

Ultimate PHP Board <= 2.2.1 (log inj) Privilege Escalation Exploit

No description provided by source. !/usr/bin/perl -w ------------------------------------------------------------------ Ultimate PHP Board = 2.2.1 log inj Privilege Escalation Exploit ------------------------------------------------------------------ by athos - stakerathotmaildotit download on...

Apache OFBiz - SQL Remote Execution PoC Payload

No description provided by source. / Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var cmd = 'command'; var xmlhttp=false; try xmlhttp = new ActiveXObjectMsxml2.XMLHTTP; catch e...

Apache OFBiz - FULLADMIN Creator PoC Payload

No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...

Apache httpOnly Cookie Disclosure

No description provided by source. // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ; for var i=0; i 819; i+...

XOOPS Module resmanager <= 1.21 - Blind SQL Injection Exploit

No description provided by source. html head titleXOOPS Module resmanager = 1.21 editday.php BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: XOOPS Module resmanager =...

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1583-1)

Changes in MozillaFirefox : - update to Firefox 17.0 bnc790140 - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context...