exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 888 RSS Feed

JavaScript Files

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Posted Mar 12, 2024
Authored by chebuya

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.

tags | exploit, web, javascript, xss
advisories | CVE-2024-28741
SHA-256 | e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

tags | exploit, javascript, proof of concept
systems | windows
SHA-256 | 7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

tags | exploit, javascript, activex
systems | windows
SHA-256 | 59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
Ubuntu Security Notice USN-6631-1
Posted Feb 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2024-23206
SHA-256 | 4b6f4fc061a2d62f4bfc4c023b3a9687f579682d0d0d93b1e1032a14339c54da
Chrome 121 Javascript Fork Malloc Bomb
Posted Jan 29, 2024
Authored by Georgi Guninski

Chrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash.

tags | exploit, denial of service, javascript
SHA-256 | c5fe58fff9338fa2b857b94610a42def7f40d9f7d58140b30fcf25e66b5a7686
Ubuntu Security Notice USN-6582-1
Posted Jan 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6582-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-42883
SHA-256 | efacb4bdb05b573622a6891d651f7f79948338036201cc4c73c3478731777aee
Ubuntu Security Notice USN-6574-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6574-1 - Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time.

tags | advisory, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2023-39318, CVE-2023-39323, CVE-2023-39326, CVE-2023-45285
SHA-256 | b8c2a5761a1b9b637336f2af66c0577c0e91e5d6928b1d69d773c8f5060e8589
Ubuntu Security Notice USN-6545-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-42916
SHA-256 | ed8f1270abdbd4bf7807cfa9dd7fc1ef9156b37591e7a5e6e09c1c6727c271f3
Debian Security Advisory 5572-1
Posted Dec 4, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.

tags | advisory, arbitrary, javascript, imap
systems | linux, debian
advisories | CVE-2023-47272
SHA-256 | 7488c1f8cb39c45a8e6fb8d221877649d21afc6a14f9c3eceb2b735b03ccc617
Ubuntu Security Notice USN-6490-1
Posted Nov 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-41983
SHA-256 | d35bfaa2f5bcc9080ab733d02c9fe09161108b6505edc3ee149515eb5f62da3a
Debian Security Advisory 5531-1
Posted Oct 23, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

tags | advisory, arbitrary, javascript, imap
systems | linux, debian
advisories | CVE-2023-5631
SHA-256 | 961824a129d751981518c8ecfbe654d441e2922aec3a9645d77dae20b42b7ecd
Red Hat Security Advisory 2023-5850-01
Posted Oct 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5850-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 650835598afd6c11115a7e40d6a7be3795b42e03a8212940f265e57bf3110114
Red Hat Security Advisory 2023-5849-01
Posted Oct 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-38552
SHA-256 | 4cd8422245370ccb596477251bb031a87f869e2a9b3e9e7e885237856993e7e9
Red Hat Security Advisory 2023-5840-01
Posted Oct 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5840-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 4cbb47441d16f3be2a4e43925a86740bc34c63a4183cef60b5e8c467a60b123a
Red Hat Security Advisory 2023-5803-01
Posted Oct 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5803-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | ad72a9a10edb55d6647c068ab8910e99d6be9154ae3dfb8efaff25010eb99774
Debian Security Advisory 5528-1
Posted Oct 17, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5528-1 - William Khem-Marquez discovered that using malicious plugins for the the Babel JavaScript compiler could result in arbitrary code execution during compilation.

tags | advisory, arbitrary, javascript, code execution
systems | linux, debian
advisories | CVE-2023-45133
SHA-256 | 8e9e8528781517c283dd31746e17304f3aa59d28da1d214c1d5ecffd747062ff
Red Hat Security Advisory 2023-5765-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5765-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 6b13b57b801319ae2d26fa965809d3592ac24a8e12394e5471f7261831a205a7
Red Hat Security Advisory 2023-5764-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5764-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 022e1f4af9e816dca761f97f9f1ac70762f736c2c5bfbf981d1192f85fdb880b
Red Hat Security Advisory 2023-1583-01
Posted Oct 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1583-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass, crlf injection, and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-35065
SHA-256 | 6075c7c63e15ec1bc1dbd5da18c73b8cb6974916991bf8f85da751a77f8fb25c
Red Hat Security Advisory 2023-1582-01
Posted Oct 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1582-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-35065
SHA-256 | 0f72c48a1209ee67b23589645b73cc37da22b841c606d6e6e4e089afa31b58cb
Ubuntu Security Notice USN-6426-1
Posted Oct 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6426-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-39928
SHA-256 | c72aad25773c01cb851fed77dfb508210a1e943aafc90c6b284c85d17dc7a9b8
Red Hat Security Advisory 2023-5533-01
Posted Oct 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

tags | advisory, web, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | a1de4803284127ae04070476723bb3381abb23fa8706dae7ab1c90bb1713980b
Red Hat Security Advisory 2023-5532-01
Posted Oct 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5532-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a bypass vulnerability.

tags | advisory, javascript, bypass
systems | linux, redhat
advisories | CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | 65ebad59c8253e88e2143d622570a561509704bf12c8076c64a6937f8aabc54b
Ubuntu Security Notice USN-6406-1
Posted Oct 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6406-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.

tags | advisory, remote, denial of service, arbitrary, javascript, code execution
systems | linux, ubuntu
advisories | CVE-2023-4046
SHA-256 | 25de3c8dd39492ae9ee3a9bd07e4d5238e4246b6951dd3dbfb8c5854dceaefd0
Red Hat Security Advisory 2023-5362-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5362-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | 495a3f24d2632110634309010865240af57a5ea7b556b056d308808eae784582
Page 1 of 36
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close