JavaScript Files

How Do You Use An XSS As A Keylogger?
Posted Mar 10, 2019
Authored by Ismail Tasdelen

This is the world's shortest whitepaper showing how to use JavaScript to record keystrokes and log them.

tags | paper, javascript
MD5 | 7b93299171e5f7b4226507db4f42a273
Ubuntu Security Notice USN-3889-1
Posted Feb 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3889-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-6212
MD5 | 13b47ad83ec48720409f49c0385d5369
Microsoft Edge Chakra JIT Use-After-Free / Flag Issue
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.

tags | exploit, javascript
advisories | CVE-2019-0568
MD5 | 5c28c1a80c423bfe8ef6de5aa3f1170b
Ubuntu Security Notice USN-3854-1
Posted Jan 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3854-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4437
MD5 | f8474b7b46329623febcb7514c73d299
Google Chrome V8 JavaScript Engine 71.0.3578.98 Memory Exhaustion
Posted Jan 10, 2019
Authored by Bogdan Kurinnoy

Google Chrome V8 JavaScript Engine version 71.0.3578.98 has an out-of-memory (invalid array length) denial of service vulnerability.

tags | exploit, denial of service, javascript
MD5 | 9238cf2c2f6c3d4798813d47b4515b14
Google Chrome V8 JavaScript Engine 71.0.3578.98 Denial Of Service
Posted Jan 9, 2019
Authored by Bogdan Kurinnoy

Google Chrome V8 JavaScript Engine version 71.0.3578.98 suffers from a denial of service vulnerability.

tags | exploit, denial of service, javascript
MD5 | c3001fc74087cc36390e2cf67a3cdee9
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS
Posted Jan 7, 2019
Authored by LiquidWorm | Site zeroscience.mk

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file, allowing the attacker to upload an HTML or JavaScript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user's browser session in the context of an affected site.

tags | exploit, arbitrary, javascript, xss, file upload
MD5 | c29aaada51feda9d709457babad0536e
Safari Proxy Object Type Confusion
Posted Dec 13, 2018
Authored by saelo | Site metasploit.com

This Metasploit module exploits a type confusion bug in the JavaScript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion.

tags | exploit, arbitrary, javascript
advisories | CVE-2018-4233, CVE-2018-4404
MD5 | c501475e6a50c14cfc8ea6a100c5476d
WordPress CSS And JavaScript Toolbox 8.4.1 Database Disclosure
Posted Dec 10, 2018
Authored by KingSkrupellos

WordPress CSS and JavaScript Toolbox plugin version 8.4.1 suffers from a database disclosure vulnerability.

tags | exploit, javascript, info disclosure
MD5 | e49e50fe2c66749bd0ee29359334471e
Htcap Analysis Tool 1.1.0
Posted Nov 28, 2018
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, websocket calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses PhantomJS to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.

Changes: In this release phantomjs has been replaced by headless chrome (nodejs + puppeteer) and the crawl engine has been partially rewritten to take advantage of async/await features available in chrome.
tags | tool, web, javascript, sniffer, python
MD5 | a2f01fa9d4dd9ee08c5e81ce353b8c53
XSS Fuzzer
Posted Nov 28, 2018
Authored by Poyo VL | Site xssfuzzer.com

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

tags | tool, arbitrary, javascript, fuzzer
MD5 | 1d8dc7cc10e6b2e2078281902563507f
Ubuntu Security Notice USN-3828-1
Posted Nov 28, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3828-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4345
MD5 | 13478beb3613d4567fa039a37fb38d4f
Debian Security Advisory 4340-1
Posted Nov 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4340-1 - An out-of-bounds memory access issue was discovered in Chromium's V8 JavaScript library by cloudfuzzer.

tags | advisory, javascript
systems | linux, debian
advisories | CVE-2018-17478
MD5 | bfd24298c65684c48f7dfd5a9793a54e
Red Hat Security Advisory 2018-2949-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2949-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2018-12115
MD5 | 99a367702b684fdf400d41ee1478eb2a
Red Hat Security Advisory 2018-2944-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2944-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2018-12115
MD5 | c9342f5d00ef12e9694c240bcf0e06c9
Ubuntu Security Notice USN-3781-2
Posted Oct 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3781-2 - USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, javascript, vulnerability, code execution, xss
systems | linux, ubuntu
MD5 | a6bc4a13b0557d357067efa2bbc88f09
Ubuntu Security Notice USN-3778-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3778-1 - A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. A type confusion bug was discovered in JavaScript. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, javascript
systems | linux, ubuntu
advisories | CVE-2018-12385, CVE-2018-12386, CVE-2018-12387
MD5 | c62ea9beea2ef5ac1b71a02d553818db
Ubuntu Security Notice USN-3781-1
Posted Oct 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3781-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4191, CVE-2018-4209, CVE-2018-4299, CVE-2018-4312, CVE-2018-4317, CVE-2018-4328
MD5 | b9204d5224fba5ea1f9e172cb10b6dda
Ubuntu Security Notice USN-3743-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3743-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-12911, CVE-2018-4263, CVE-2018-4267, CVE-2018-4278
MD5 | 40cbebca101b1768a0afa00205ce7873
Red Hat Security Advisory 2018-2245-01
Posted Jul 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2245-01 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows assets to be written in languages like CoffeeScript, Sass and SCSS. Issues addressed include a traversal vulnerability.

tags | advisory, web, javascript, ruby
systems | linux, redhat
advisories | CVE-2018-3760
MD5 | 4cddbf970a525c46f424b9018ec2be7a
Red Hat Security Advisory 2018-2244-01
Posted Jul 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2244-01 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows assets to be written in languages like CoffeeScript, Sass and SCSS. Issues addressed include a traversal vulnerability.

tags | advisory, web, javascript, ruby
systems | linux, redhat
advisories | CVE-2018-3760
MD5 | c8e6a8b16ca9c1af84c6ecdfe2748f94
RSA Archer 6.x Cross Site Scripting / Authorization Bypass
Posted Jul 20, 2018
Authored by Francesca Perrone, Donato Onofri | Site emc.com

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

tags | advisory, remote, web, javascript, xss, bypass
advisories | CVE-2018-11059, CVE-2018-11060
MD5 | 574ac49865a7a3a381903494b92d19f8
JavaScript Core Arbitrary Code Execution
Posted Jul 18, 2018
Authored by ret2

JavaScript Core arbitrary code execution exploit.

tags | exploit, arbitrary, javascript, code execution
advisories | CVE-2018-4192
MD5 | 451614b5b6654ae9f5e8d9bc10001aef
macOS / iOS OfficeImporter JavaScript Injection
Posted Jul 13, 2018
Authored by Google Security Research, lokihardt

macOS and iOS suffer from a JavaScript injection bug in OfficeImporter.

tags | exploit, javascript
systems | cisco, ios
MD5 | 8a77e3c5cc05866fe394bdbf6a928d1b
RSA Identity Governance And Lifecycle Bypass / XSS
Posted Jul 12, 2018
Authored by Lukasz Plonka | Site emc.com

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contain an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

tags | advisory, remote, web, arbitrary, javascript, xss, bypass
advisories | CVE-2018-1245, CVE-2018-1255
MD5 | 1a57d9533919b282096f7aa641a6e6a8

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close