Exploit the possiblities
Showing 76 - 100 of 642 RSS Feed

JavaScript Files

Ubuntu Security Notice USN-2538-1
Posted Mar 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2538-1 - A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Mariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. Various other issues were also addressed.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2015-0817, CVE-2015-0818
MD5 | bd432c00a10f6362e1287d8ebfc209a6
Analysis Of Fake Antivirus Malware Delivery
Posted Feb 24, 2015
Authored by HauntIT

This is a brief whitepaper that documents how the author analyzed malicious javascript and a host used for slinging fake antivirus software.

tags | paper, javascript, virus
MD5 | 3654b81a0923d7139addc5474f5d80b0
Debian Security Advisory 3168-1
Posted Feb 23, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3168-1 - Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML.

tags | advisory, remote, arbitrary, javascript, xss, ruby
systems | linux, debian
advisories | CVE-2012-6684
MD5 | 256021d44b205acde322720a2ecc674c
Javascript Injection For Eval-Based Unpackers
Posted Feb 19, 2015
Authored by joev | Site metasploit.com

This Metasploit module generates a Javascript file that executes arbitrary code when an eval-based unpacker is run on it. Works against js-beautify's P_A_C_K_E_R unpacker.

tags | exploit, arbitrary, javascript
MD5 | aa5a02de3ff662a29dec25c941017dce
IBM Endpoint Manager 9.1.x / 9.2.x Cross Site Scripting
Posted Feb 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opened in a browser. Affected versions include 9.1.x versions earlier than 9.1.1229 and 9.2.x versions earlier than 9.2.1.48.

tags | exploit, javascript
advisories | CVE-2014-6137
MD5 | 49ef28f0c7683e14b4ba00871d87d4e5
PHP Shell Backdoors
Posted Dec 20, 2014
Authored by KnocKout

This is a brief write up noting javascript backdoors left in common PHP shells.

tags | paper, shell, php, javascript
MD5 | 465a8584e9016e457c0c418a061e0cce
Ubuntu Security Notice USN-2423-1
Posted Nov 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2423-1 - Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2013-6497, CVE-2014-9050
MD5 | a2a47d5b596acc51c92366b5c5f92d4c
Ubuntu Security Notice USN-2414-1
Posted Nov 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2414-1 - Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2014-8600
MD5 | 094f1b5dabf2558563db7115a0145327
WordPress 3.9.2 Cross Site Scripting
Posted Nov 21, 2014
Authored by Jouko Pynnonen | Site klikki.fi

A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These do not require authentication by default.

tags | advisory, javascript, xss
MD5 | 0f7f12faafeedc2e7b0977984f3b5a0a
Mandriva Linux Security Advisory 2014-217
Posted Nov 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-217 - ClamAV 0.98.5 addresses several reported potential security bugs. Certain javascript files causes ClamAV to segfault when scanned with the -a.

tags | advisory, javascript
systems | linux, mandriva
advisories | CVE-2013-6497
MD5 | 55c8f57fb13787c2d2b9841f0ae8edb2
IO Slaves KDE Insufficient Input Validation
Posted Nov 19, 2014
Authored by D. Burton, T. Brown | Site portcullis-security.com

It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating IO slave URI such that the JavaScript from the manipulated request is returned in the response.

tags | exploit, javascript, protocol
advisories | CVE-2014-8600
MD5 | 36248d1b9a357a4aabeb1f26abe80403
Red Hat Security Advisory 2014-1744-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1744-01 - V8 is Google's open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. Multiple flaws were discovered in V8. Untrusted JavaScript code executed by V8 could use either of these flaws to crash V8 or, possibly, execute arbitrary code with the privileges of the user running V8.

tags | advisory, remote, overflow, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2013-6639, CVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704, CVE-2014-5256
MD5 | f1af5e450e6fdc8f338c2df352090022
Mandriva Linux Security Advisory 2014-206
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-206 - A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2014-7204
MD5 | 2f6a84215d9ff0054e968de79614060b
Mandriva Linux Security Advisory 2014-198
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-198 - MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specificed CSS in certain special pages.

tags | advisory, javascript, xss
systems | linux, mandriva
advisories | CVE-2014-7199, CVE-2014-7295
MD5 | d2e374028142e4024b2a82786253e5cf
Red Hat Security Advisory 2014-1647-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1647-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

tags | advisory, remote, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2014-1574, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581
MD5 | c24c5964a0ae870d38ad24408749517f
Debian Security Advisory 3046-1
Posted Oct 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3046-1 - It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.

tags | advisory, javascript
systems | linux, debian
advisories | CVE-2014-7295
MD5 | f7589dc4e9d2f3e241f5d7c3deb5e578
ZyXEL SBG-3300 Security Gateway Denial Of Service
Posted Oct 3, 2014
Authored by Mirko Casadei

ZyXEL SBG-3300 Security Gateway suffers from a malicious javascript denial of service vulnerability.

tags | exploit, denial of service, javascript
advisories | CVE-2014-7278
MD5 | 282b257bf5b5859ca0c24098bf1f14ef
Apple Security Advisory 2014-09-17-5
Posted Sep 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-5 - OS X Server 3.2.1 is now available and addresses arbitrary SQL execution, arbitrary javascript execution, and multiple vulnerabilities in PostgreSQL.

tags | advisory, arbitrary, javascript
systems | apple, osx
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-4406, CVE-2014-4424
MD5 | 46b96ce83e6920723049bf0de2dcb542
Firefox WebIDL Privileged Javascript Injection
Posted Aug 27, 2014
Authored by joev, Marius Mlynski | Site metasploit.com

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2014-1510, CVE-2014-1511
MD5 | cd3bc27615aee1fe6d9023c93754e0ee
Firefox toString console.time Privileged Javascript Injection
Posted Aug 18, 2014
Authored by moz_bug_r_a4, joev, Cody Crews | Site metasploit.com

This Metasploit module gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2013-1670, CVE-2013-1710
MD5 | 161163ea27bfe8bf6f13a8d33a2731a7
Apache Cordova 3.5.0 Data Leak
Posted Aug 12, 2014
Authored by Roee Hay, David Kaplan

Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. This release is an update to a prior advisory.

tags | advisory, arbitrary, javascript
advisories | CVE-2014-3502
MD5 | 11bd1a4ff480650cd4d04188db43facf
Baidu Spark Browser 26.5.9999.3511 Stack Overflow
Posted Jun 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) resulting in stack overflow via nested calls to the window.print javascript function.

tags | exploit, remote, denial of service, overflow, javascript
MD5 | 00d4cae32afc7dd800c0f99fa2089885
Sophos Antivirus 9.5.1 Cross Site Scripting
Posted Jun 26, 2014
Authored by Pablo Catalina | Site portcullis-security.com

The Configuration Console of Sophos Antivirus version 9.5.1 (Linux) does not sanitize several input parameters before sending them back to the browser, so an attacker could inject code inside these parameters, including JavaScript code.

tags | advisory, javascript, xss
systems | linux
advisories | CVE-2014-2385
MD5 | b50071d884e4bb8703c92578301ba5cb
Endeca Latitude 2.2.2 Cross Site Scripting
Posted Jun 25, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered a cross site scripting vulnerability in Endeca Latitude version 2.2.2. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users.

tags | exploit, arbitrary, javascript, xss
advisories | CVE-2014-2400
MD5 | 8e9a895e532aebf33732d79e3c08ab34
Red Hat Security Advisory 2014-0785-01
Posted Jun 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0785-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. Seam is an open source development platform for building rich Internet applications in Java. Seam integrates technologies such as Asynchronous JavaScript and XML, JavaServer Faces, Java Persistence API, and Enterprise Java Beans. Seam 2.3 provides support for JSF 2, RichFaces 4, and JPA 2 capabilities, running on top of Red Hat JBoss Enterprise Application Platform 6. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.

tags | advisory, remote, web, arbitrary, javascript, code execution
systems | linux, redhat
advisories | CVE-2014-0248
MD5 | f5ef970fb9b706e2cdd8e4773250056e
Page 4 of 26
Back23456Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close