Twenty Year Anniversary
Showing 1 - 25 of 657 RSS Feed

JavaScript Files

Ubuntu Security Notice USN-3687-1
Posted Jun 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-12293, CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233
MD5 | 55bf9fa9e7a0502036a4c6a0c0d90f46
Ubuntu Security Notice USN-3635-1
Posted May 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3635-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165
MD5 | 85531931d71d0277a373662193a6ba19
Metasploit msfd Remote Code Execution Via Browser
Posted May 1, 2018
Authored by Robin Stenvi | Site metasploit.com

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These POST-requests can be sent cross-domain and can therefore be sent to localhost on the victim's machine. The msfconsole-command to execute code is 'rbi -e "CODE"'. Exploitation when the browser is running on Windows is unreliable and the exploit is only usable when IE is used and the quiet-flag has been passed to msf-daemon.

tags | exploit, web, javascript, tcp
systems | windows
MD5 | 9424518a3a5f452ec2a431c5b398c292
Google Chrome V8 AwaitedPromise Update Bug
Posted Apr 26, 2018
Authored by Google Security Research, lokihardt

Google Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await, this may lead the generator to an incorrect state.

tags | exploit, javascript
advisories | CVE-2018-6106
MD5 | eb56f2216b0ca1318d166d23fcad7b4c
KETAMINE: SecureRandom() Weakness
Posted Apr 13, 2018

A significant number of past and current cryptocurrency products contain a JavaScript class named SecureRandom(), containing both entropy collection and a PRNG. The entropy collection and the RNG itself are both deficient to the degree that key material can be recovered by a third party with medium complexity.

tags | advisory, javascript
MD5 | 893d474d121cd29fb6bb8f8f0d4d294c
Red Hat Security Advisory 2018-0380-01
Posted Mar 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0380-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: A flaw was found in CloudForms in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP prevents exploitation of this XSS however not all browsers support CSP.

tags | advisory, web, javascript, ruby
systems | linux, redhat
advisories | CVE-2017-15125
MD5 | c2fb88600f9209d507f9f5e45b216333
Ubuntu Security Notice USN-3551-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3551-1 - Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code.

tags | advisory, web, denial of service, arbitrary, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2017-13884, CVE-2017-13885, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2018-4088, CVE-2018-4096
MD5 | 03155ba7333222d7d3aaa92e3651eaee
Ubuntu Security Notice USN-3529-1
Posted Jan 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3529-1 - It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this in combination with another vulnerability, in order to cause unspecified problems. Various other issues were also addressed.

tags | advisory, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, CVE-2018-5013, CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
MD5 | d84c99d87e33bb182108e9d20d529f0f
Ubuntu Security Notice USN-3530-1
Posted Jan 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3530-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 3bf2820a2ba39d395b37c51cb752e3d9
Microsoft Edge Chakra JIT Op_MaxInAnArray / Op_MinInAnArray Misuse
Posted Jan 10, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT has an issue where Op_MaxInAnArray and Op_MinInAnArray Misuse can explicitly call user defined JavaScript functions.

tags | exploit, javascript
advisories | CVE-2017-11893
MD5 | 077ed40c3d16dd77486c3f7c155974d8
Ubuntu Security Notice USN-3516-1
Posted Jan 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3516-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5753, CVE-2017-5754
MD5 | 7515f6660d050f517b1107818beb00d4
Ubuntu Security Notice USN-3514-1
Posted Jan 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3514-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156
MD5 | 485f3d664c8d9b91f9a34e0bb3715a85
Chatting System PHP Ajax MySQL JavaScript 1.0 Shell Upload
Posted Dec 31, 2017
Authored by ShanoWeb

Chatting System PHP Ajax MySQL JavaScript version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php, javascript
MD5 | 6965ee7b894ef707384f83dda4e6dd4a
Chatting System PHP Ajax MySQL JavaScript 1.0 Cross Site Scripting
Posted Dec 31, 2017
Authored by ShanoWeb

Chatting System PHP Ajax MySQL JavaScript version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, javascript, xss
MD5 | 8080ac0081699a839acf51f994db6389
Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS
Posted Dec 25, 2017
Authored by James Lee

Samsung Internet Browser version 6.2.01.12 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code.

tags | exploit, remote, javascript, xss, bypass
advisories | CVE-2017-17859
MD5 | b1ce454efa3a1fa02567e32b162d80b7
Chakra CFG Bypass By Overwriting JavaScript Bytecode
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass by overwriting JavaScript bytecode.

tags | advisory, javascript
MD5 | 9e57eaebd2d21e12b8ff2602894b0871
Chakra CFG Bypass With leafInterpreterFrame
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass with leafInterpreterFrame. Every JavaScript variable in Chakra (except a tagged int) is a pointer. From this pointer, using an arbitrary read, it is possible to follow a chain of pointers and end up with a pointer to the native stack. This allows disclosing the stack location and subsequently overwriting a return address on the stack leading to CFG bypass.

tags | advisory, arbitrary, javascript
MD5 | d1393f9681bc2674203c0bdd4afaea99
Ubuntu Security Notice USN-3477-3
Posted Dec 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3477-3 - USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting attacks. It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
MD5 | 998ce8623ace567ce271665c533d0819
Ubuntu Security Notice USN-3477-2
Posted Nov 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3477-2 - USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting attacks. It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
MD5 | 6cdcaf4a995ce8dd8f0d4dc8e6b43d6b
Ubuntu Security Notice USN-3481-1
Posted Nov 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3481-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 68e7c4cff272deb50d9fba595e29a0d0
Ubuntu Security Notice USN-3460-1
Posted Oct 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3460-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120
MD5 | 254d64d18cd661912facd6bbf8261ce5
Red Hat Security Advisory 2017-3002-01
Posted Oct 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs. Security Fix: It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2017-11499
MD5 | e84a36dc850e70dc60c7e0b8782502f5
Red Hat Security Advisory 2017-2908-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2908-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs. Security Fix: It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2017-11499
MD5 | fcced40d7b65fd2217ee8c1369b9741a
Mac OS X Local Javascript Quarantine Bypass
Posted Sep 30, 2017
Authored by Filippo Cavallarin

Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions.

tags | exploit, arbitrary, javascript
systems | apple, osx
MD5 | 7f3e94a8e7dafebd1c8b7b6ad3c50ead
Phrack - Attacking JavaScript Engines
Posted Sep 26, 2017
Authored by phrack, saelo

Phrack: Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622.

tags | javascript, magazine
advisories | CVE-2016-4622
MD5 | 7eb5ac7affbfc927e6c0294bb84baa2c
Page 1 of 27
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    13 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close