exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 891 RSS Feed

JavaScript Files

Ubuntu Security Notice USN-6782-1
Posted May 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6782-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2024-4367, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777
SHA-256 | 0f0a71c347b975f78289e67052bdd319bc9db3306585631d3361530ff7c998bf
Ubuntu Security Notice USN-6732-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-42843, CVE-2024-23254
SHA-256 | de34dd341ebb6d403b4c828166ceeda34879902207f833c29fa8ffd18d7ee2ad
Debian Security Advisory 5645-1
Posted Mar 25, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5645-1 - Manfred Paul discovered a flaw in the Mozilla Firefox web browser, allowing an attacker to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.

tags | advisory, web, arbitrary, javascript
systems | linux, debian
advisories | CVE-2024-29944
SHA-256 | 4f5d9a853e227dab14b126ce8536d5e0bccc071fc1e3eea740c201c1d75a9146
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Posted Mar 12, 2024
Authored by chebuya

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.

tags | exploit, web, javascript, xss
advisories | CVE-2024-28741
SHA-256 | e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

tags | exploit, javascript, proof of concept
systems | windows
SHA-256 | 7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

tags | exploit, javascript, activex
systems | windows
SHA-256 | 59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
Ubuntu Security Notice USN-6631-1
Posted Feb 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2024-23206
SHA-256 | 4b6f4fc061a2d62f4bfc4c023b3a9687f579682d0d0d93b1e1032a14339c54da
Chrome 121 Javascript Fork Malloc Bomb
Posted Jan 29, 2024
Authored by Georgi Guninski

Chrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash.

tags | exploit, denial of service, javascript
SHA-256 | c5fe58fff9338fa2b857b94610a42def7f40d9f7d58140b30fcf25e66b5a7686
Ubuntu Security Notice USN-6582-1
Posted Jan 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6582-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-42883
SHA-256 | efacb4bdb05b573622a6891d651f7f79948338036201cc4c73c3478731777aee
Ubuntu Security Notice USN-6574-1
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6574-1 - Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time.

tags | advisory, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2023-39318, CVE-2023-39323, CVE-2023-39326, CVE-2023-45285
SHA-256 | b8c2a5761a1b9b637336f2af66c0577c0e91e5d6928b1d69d773c8f5060e8589
Ubuntu Security Notice USN-6545-1
Posted Dec 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-42916
SHA-256 | ed8f1270abdbd4bf7807cfa9dd7fc1ef9156b37591e7a5e6e09c1c6727c271f3
Debian Security Advisory 5572-1
Posted Dec 4, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.

tags | advisory, arbitrary, javascript, imap
systems | linux, debian
advisories | CVE-2023-47272
SHA-256 | 7488c1f8cb39c45a8e6fb8d221877649d21afc6a14f9c3eceb2b735b03ccc617
Ubuntu Security Notice USN-6490-1
Posted Nov 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-41983
SHA-256 | d35bfaa2f5bcc9080ab733d02c9fe09161108b6505edc3ee149515eb5f62da3a
Debian Security Advisory 5531-1
Posted Oct 23, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

tags | advisory, arbitrary, javascript, imap
systems | linux, debian
advisories | CVE-2023-5631
SHA-256 | 961824a129d751981518c8ecfbe654d441e2922aec3a9645d77dae20b42b7ecd
Red Hat Security Advisory 2023-5850-01
Posted Oct 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5850-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 650835598afd6c11115a7e40d6a7be3795b42e03a8212940f265e57bf3110114
Red Hat Security Advisory 2023-5849-01
Posted Oct 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-38552
SHA-256 | 4cd8422245370ccb596477251bb031a87f869e2a9b3e9e7e885237856993e7e9
Red Hat Security Advisory 2023-5840-01
Posted Oct 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5840-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 4cbb47441d16f3be2a4e43925a86740bc34c63a4183cef60b5e8c467a60b123a
Red Hat Security Advisory 2023-5803-01
Posted Oct 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5803-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | ad72a9a10edb55d6647c068ab8910e99d6be9154ae3dfb8efaff25010eb99774
Debian Security Advisory 5528-1
Posted Oct 17, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5528-1 - William Khem-Marquez discovered that using malicious plugins for the the Babel JavaScript compiler could result in arbitrary code execution during compilation.

tags | advisory, arbitrary, javascript, code execution
systems | linux, debian
advisories | CVE-2023-45133
SHA-256 | 8e9e8528781517c283dd31746e17304f3aa59d28da1d214c1d5ecffd747062ff
Red Hat Security Advisory 2023-5765-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5765-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 6b13b57b801319ae2d26fa965809d3592ac24a8e12394e5471f7261831a205a7
Red Hat Security Advisory 2023-5764-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5764-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 022e1f4af9e816dca761f97f9f1ac70762f736c2c5bfbf981d1192f85fdb880b
Red Hat Security Advisory 2023-1583-01
Posted Oct 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1583-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass, crlf injection, and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-35065
SHA-256 | 6075c7c63e15ec1bc1dbd5da18c73b8cb6974916991bf8f85da751a77f8fb25c
Red Hat Security Advisory 2023-1582-01
Posted Oct 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1582-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-35065
SHA-256 | 0f72c48a1209ee67b23589645b73cc37da22b841c606d6e6e4e089afa31b58cb
Ubuntu Security Notice USN-6426-1
Posted Oct 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6426-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2023-39928
SHA-256 | c72aad25773c01cb851fed77dfb508210a1e943aafc90c6b284c85d17dc7a9b8
Red Hat Security Advisory 2023-5533-01
Posted Oct 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

tags | advisory, web, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | a1de4803284127ae04070476723bb3381abb23fa8706dae7ab1c90bb1713980b
Page 1 of 36
Back12345Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close