exploit the possibilities
Showing 1 - 25 of 708 RSS Feed

JavaScript Files

WhatWeb Scanner 0.5.1
Posted Feb 25, 2020
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: This is a minor release with bug fixes, one new plugin, and a couple of plugin updates.
tags | tool, web, scanner, javascript
systems | unix
MD5 | a437d13dbfe9caccc1b4c39a57350c05
Red Hat Security Advisory 2020-0598-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0598-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606
MD5 | 1bf2f0ea2d9f0af85f19d93c9471ae0d
Red Hat Security Advisory 2020-0597-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0597-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
MD5 | a251214cca501bd31c99455879d5ce4b
Red Hat Security Advisory 2020-0579-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0579-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
MD5 | 5112cf78de76214d4e4f09f978f6008e
Red Hat Security Advisory 2020-0573-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0573-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
MD5 | cf8221333bd22cadadb8bb232144ac87
Ubuntu Security Notice USN-4281-1
Posted Feb 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4281-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-3862, CVE-2020-3868
MD5 | 73d48b8968798ef10057db2856ca1496
Ubuntu Security Notice USN-4261-1
Posted Jan 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4261-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-8835
MD5 | 016f695463157c80fd637ddc1347439f
Ubuntu Security Notice USN-4181-1
Posted Nov 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4181-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-8812
MD5 | d2ed637960fd61223d19e006ebfa327b
Ubuntu Security Notice USN-4178-1
Posted Nov 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4178-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-8625
MD5 | 306c8955c2f273afb8b953e5c146c877
Total.js CMS 12 Widget JavaScript Code Injection
Posted Oct 21, 2019
Authored by sinn3r, Riccardo Krauter | Site metasploit.com

This Metasploit module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.

tags | exploit, remote, javascript, code execution
advisories | CVE-2019-15954
MD5 | 1764c2113b6babdc9f9a58ffd2bc284f
WhatWeb Scanner 0.5.0
Posted Oct 5, 2019
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Version 0.5.0 is a major version release form urbanadventurer and bcoles. With the help of the WhatWeb community they have reached over 1800 plugins! Plugin authors should take note that this release is not backwards compatible, and they have made a migration tool to help you update your private or unreleased plugins. New additions include IDN support, 9 unit tests, and various other items. Multiple bug fixes and updates have been added.
tags | tool, web, scanner, javascript
systems | unix
MD5 | 3dc99c5f128d3866273f05cd77548a2f
Red Hat Security Advisory 2019-2955-01
Posted Oct 2, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2955-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518
MD5 | 1a514ca362872e9ae66545e776b0d461
Red Hat Security Advisory 2019-2939-01
Posted Sep 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2939-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518
MD5 | 3ea54427e9bdbe60949971c4ea4ff8d0
Red Hat Security Advisory 2019-2925-01
Posted Sep 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2925-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518
MD5 | d13cd13816001f3a3097381e8c6b0617
Ubuntu Security Notice USN-4130-1
Posted Sep 11, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4130-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-8644, CVE-2019-8669, CVE-2019-8680, CVE-2019-8687
MD5 | 536f40f870fe7dec836bc3426c66a70e
Red Hat Security Advisory 2019-1821-01
Posted Jul 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1821-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2018-12116, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123, CVE-2018-20834, CVE-2019-5737
MD5 | cd1b8ad60a255cdd9cfc503f2754ed42
Safari Webkit Proxy Object Type Confusion
Posted Jun 2, 2019
Authored by saelo, ianbeer, Siguza, niklasb | Site metasploit.com

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The type confusion leads to the ability to allocate fake Javascript objects, as well as the ability to find the address in memory of a Javascript object. This allows us to construct a fake JSCell object that can be used to read and write arbitrary memory from Javascript. The module then uses a ROP chain to write the first stage shellcode into executable memory within the Safari process and kick off its execution. The first stage maps the second stage macho (containing CVE-2017-13861) into executable memory, and jumps to its entrypoint. The CVE-2017-13861 async_wake exploit leads to a kernel task port (TFP0) that can read and write arbitrary kernel memory. The processes credential and sandbox structure in the kernel is overwritten and the meterpreter payloads code signature hash is added to the kernels trust cache, allowing Safari to load and execute the (self-signed) meterpreter payload.

tags | exploit, arbitrary, kernel, javascript, shellcode
advisories | CVE-2017-13861, CVE-2018-4233
MD5 | 394148cda471deeb3abbfdccf622fa46
JavaScript V8 Turbofan Out-Of-Bounds Read
Posted May 28, 2019
Authored by saelo, Google Security Research

JavaScript V8 Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct.

tags | advisory, javascript
MD5 | 36998fe03e21e2360e63455dcd1824ed
Internet Explorer JavaScript Privilege Escalation
Posted May 23, 2019
Authored by SandboxEscaper

Internet Explorer 11 exploit that allows attackers to execute JavaScript with higher system access than is normally permitted by the browser sandbox.

tags | exploit, javascript
advisories | CVE-2019-0841
MD5 | 935c249a0cf1e2fa49afb683f0e4aa80
Ubuntu Security Notice USN-3992-1
Posted May 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3992-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-8595
MD5 | 12b9071fb727c2600c6517cb0d2ade93
Chrome 72.0.3626.119 FileReader Use-After-Free
Posted May 8, 2019
Authored by Clement LECIGNE, timwr, Istvan Kurucsai | Site metasploit.com

This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from Javascript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.

tags | exploit, arbitrary, x86, javascript, shellcode
systems | windows, 7
advisories | CVE-2019-5786
MD5 | 1845174659a656cb293c5dd2f17fe75c
Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting
Posted Apr 26, 2019
Authored by Cisco Talos, Carl Hurd | Site talosintelligence.com

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

tags | exploit, web, cgi, javascript, code execution, xss
advisories | CVE-2018-4065
MD5 | 9c802870395109f5bce702b93c61851d
Google Chrome 73.0.3683.103 V8 JavaScript Engine Denial Of Service
Posted Apr 22, 2019
Authored by Bogdan Kurinnoy

Google Chrome version 73.0.3683.103 V8 JavaScript Engine out-of-memory in invalid table size denial of service proof of concept exploit.

tags | exploit, denial of service, javascript, proof of concept
MD5 | 5b21bbbc8965966812bc51d2fe34bb3f
Ubuntu Security Notice USN-3948-1
Posted Apr 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3948-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-11070, CVE-2019-8518, CVE-2019-8536, CVE-2019-8559
MD5 | afdf0e0cecca2a8868662e6759e344de
Chrome 73.0.3683.86 Stable Proof Of Concept
Posted Apr 4, 2019
Authored by Istvan Kurucsai

Chrome version 73.0.3683.86 stable exploit for chromium issue 941743, tested on Windows 10 x64, which leverages a flaw in the V8 javascript engine.

tags | exploit, javascript
systems | windows
MD5 | 3942490d2a3c9f4e77eb820e2de2a909
Page 1 of 29
Back12345Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close