Exploit the possiblities
Showing 76 - 100 of 651 RSS Feed

JavaScript Files

Firefox Same Origin Policy Bypass
Posted Aug 16, 2015
Authored by Bikash Dash

Proof of concept exploit that demonstrates how an attacker can bypass same-origin policy on Firefox and inject javascript into the built-in pdf reader.

tags | exploit, javascript, proof of concept
systems | linux
advisories | CVE-2015-4495
MD5 | 30033addf0b1d971a0f676f52de2e6b5
Debian Security Advisory 3335-1
Posted Aug 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3335-1 - It was discovered that Request Tracker, an extensible trouble-ticket tracking system is susceptible to a cross-site scripting attack via the user an group rights management pages and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability.

tags | advisory, javascript, xss
systems | linux, debian
advisories | CVE-2015-5475
MD5 | df60ed0b4d5e91fd9ef665f132c7cbb2
Red Hat Security Advisory 2015-1546-01
Posted Aug 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1546-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2014-3566
MD5 | 51536efc725d1d39331fd0f75b8b1916
Red Hat Security Advisory 2015-1545-01
Posted Aug 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1545-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2014-3566
MD5 | f7692fe6663076f134aa07090d63b594
Axigen Cross Site Scripting
Posted Jul 21, 2015
Authored by Ioan Indreias

Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expose an Axigen WebMail Ajax user to cross site scripting or other attacks that rely on arbitrary javascript code running within a trusted domain.

tags | advisory, arbitrary, javascript, xss
advisories | CVE-2015-5379
MD5 | dbddf61e5cc73846d231e6e6916e73d7
Htcap Analysis Tool Alpha 0.1
Posted Jun 26, 2015
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

tags | tool, web, javascript, sniffer, python
MD5 | 16b53ba407c04e4843e48ce107b43931
Debian Security Advisory 3249-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3249-1 - Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its "title" option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

tags | advisory, remote, web, arbitrary, javascript, xss
systems | linux, debian
advisories | CVE-2010-5312
MD5 | 0c7b6e47c75b967c9ba918f7ad015675
Mandriva Linux Security Advisory 2015-200
Posted Apr 13, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-200 - In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScript using animate elements was incorrect. In MediaWiki before 1.23.9, a stored XSS vulnerability exists due to the way attributes were expanded in MediaWiki's Html class, in combination with LanguageConverter substitutions. In MediaWiki before 1.23.9, MediaWiki's SVG filtering could be bypassed with entity encoding under the Zend interpreter. This could be used to inject JavaScript. In MediaWiki before 1.23.9, one could bypass the style filtering for SVG files to load external resources. This could violate the anonymity of users viewing the SVG. In MediaWiki before 1.23.9, MediaWiki versions using PBKDF2 for password hashing are vulnerable to DoS attacks using extremely long passwords. In MediaWiki before 1.23.9, MediaWiki is vulnerable to Quadratic Blowup DoS attacks, under both HHVM and Zend PHP. In MediaWiki before 1.23.9, the MediaWiki feature allowing a user to preview another user's custom JavaScript could be abused for privilege escalation. In MediaWiki before 1.23.9, function names were not sanitized in Lua error backtraces, which could lead to XSS. In MediaWiki before 1.23.9, the CheckUser extension did not prevent CSRF attacks on the form allowing checkusers to look up sensitive information about other users. Since the use of CheckUser is logged, the CSRF could be abused to defame a trusted user or flood the logs with noise. The mediawiki package has been updated to version 1.23.9, fixing these issues and other bugs.

tags | advisory, php, javascript
systems | linux, mandriva
advisories | CVE-2015-2931, CVE-2015-2932, CVE-2015-2933, CVE-2015-2934, CVE-2015-2935, CVE-2015-2936, CVE-2015-2937, CVE-2015-2938, CVE-2015-2939, CVE-2015-2940
MD5 | 4e19e3d78cee16f5d0b6457932bb0c8f
Mandriva Linux Security Advisory 2015-178
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-178 - A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2014-7204
MD5 | 70c32609d4f7a47cd7a03468a4c2f640
Ubuntu Security Notice USN-2538-1
Posted Mar 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2538-1 - A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Mariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. Various other issues were also addressed.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2015-0817, CVE-2015-0818
MD5 | bd432c00a10f6362e1287d8ebfc209a6
Analysis Of Fake Antivirus Malware Delivery
Posted Feb 24, 2015
Authored by HauntIT

This is a brief whitepaper that documents how the author analyzed malicious javascript and a host used for slinging fake antivirus software.

tags | paper, javascript, virus
MD5 | 3654b81a0923d7139addc5474f5d80b0
Debian Security Advisory 3168-1
Posted Feb 23, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3168-1 - Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML.

tags | advisory, remote, arbitrary, javascript, xss, ruby
systems | linux, debian
advisories | CVE-2012-6684
MD5 | 256021d44b205acde322720a2ecc674c
Javascript Injection For Eval-Based Unpackers
Posted Feb 19, 2015
Authored by joev | Site metasploit.com

This Metasploit module generates a Javascript file that executes arbitrary code when an eval-based unpacker is run on it. Works against js-beautify's P_A_C_K_E_R unpacker.

tags | exploit, arbitrary, javascript
MD5 | aa5a02de3ff662a29dec25c941017dce
IBM Endpoint Manager 9.1.x / 9.2.x Cross Site Scripting
Posted Feb 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opened in a browser. Affected versions include 9.1.x versions earlier than 9.1.1229 and 9.2.x versions earlier than 9.2.1.48.

tags | exploit, javascript
advisories | CVE-2014-6137
MD5 | 49ef28f0c7683e14b4ba00871d87d4e5
PHP Shell Backdoors
Posted Dec 20, 2014
Authored by KnocKout

This is a brief write up noting javascript backdoors left in common PHP shells.

tags | paper, shell, php, javascript
MD5 | 465a8584e9016e457c0c418a061e0cce
Ubuntu Security Notice USN-2423-1
Posted Nov 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2423-1 - Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2013-6497, CVE-2014-9050
MD5 | a2a47d5b596acc51c92366b5c5f92d4c
Ubuntu Security Notice USN-2414-1
Posted Nov 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2414-1 - Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2014-8600
MD5 | 094f1b5dabf2558563db7115a0145327
WordPress 3.9.2 Cross Site Scripting
Posted Nov 21, 2014
Authored by Jouko Pynnonen | Site klikki.fi

A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These do not require authentication by default.

tags | advisory, javascript, xss
MD5 | 0f7f12faafeedc2e7b0977984f3b5a0a
Mandriva Linux Security Advisory 2014-217
Posted Nov 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-217 - ClamAV 0.98.5 addresses several reported potential security bugs. Certain javascript files causes ClamAV to segfault when scanned with the -a.

tags | advisory, javascript
systems | linux, mandriva
advisories | CVE-2013-6497
MD5 | 55c8f57fb13787c2d2b9841f0ae8edb2
IO Slaves KDE Insufficient Input Validation
Posted Nov 19, 2014
Authored by D. Burton, T. Brown | Site portcullis-security.com

It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating IO slave URI such that the JavaScript from the manipulated request is returned in the response.

tags | exploit, javascript, protocol
advisories | CVE-2014-8600
MD5 | 36248d1b9a357a4aabeb1f26abe80403
Red Hat Security Advisory 2014-1744-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1744-01 - V8 is Google's open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. Multiple flaws were discovered in V8. Untrusted JavaScript code executed by V8 could use either of these flaws to crash V8 or, possibly, execute arbitrary code with the privileges of the user running V8.

tags | advisory, remote, overflow, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2013-6639, CVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704, CVE-2014-5256
MD5 | f1af5e450e6fdc8f338c2df352090022
Mandriva Linux Security Advisory 2014-206
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-206 - A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2014-7204
MD5 | 2f6a84215d9ff0054e968de79614060b
Mandriva Linux Security Advisory 2014-198
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-198 - MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specificed CSS in certain special pages.

tags | advisory, javascript, xss
systems | linux, mandriva
advisories | CVE-2014-7199, CVE-2014-7295
MD5 | d2e374028142e4024b2a82786253e5cf
Red Hat Security Advisory 2014-1647-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1647-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

tags | advisory, remote, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2014-1574, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581
MD5 | c24c5964a0ae870d38ad24408749517f
Debian Security Advisory 3046-1
Posted Oct 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3046-1 - It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.

tags | advisory, javascript
systems | linux, debian
advisories | CVE-2014-7295
MD5 | f7589dc4e9d2f3e241f5d7c3deb5e578
Page 4 of 26
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close