51 items tagged "javascript"
-
-
17:07
»
Packet Storm Security Exploits
This bug is triggered when the browser handles a JavaScript 'onLoad' handler in conjunction with an improperly initialized 'window()' JavaScript function. This exploit results in a call to an address lower than the heap. The JavaScript prompt() places the shellcode near where the call operand points to. The module calls prompt() multiple times in separate iframes to place our return address. The module hides the prompts in a popup window behind the main window and then it will spray the heap a second time with the shellcode and point the return address to the heap. It then uses a fairly high address to make this exploit more reliable. IE will crash when the exploit completes. Also, please note that Internet Explorer must allow popups in order to continue exploitation.
-
-
8:52
»
Packet Storm Security Exploits
It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.
-
-
16:15
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-305 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles Rhino JavaScript errors. The built-in JavaScript engine in Java fails to perform sufficient sanitization on JavaScript error objects. The effect is that untrusted code can run in privileged context. This can result in remote code execution under the context of the current user.
-
-
12:39
»
Packet Storm Security Exploits
This Metasploit module exploits an unsafe JavaScript API implemented in Foxit PDF Reader version 4.2. The createDataObject() JavaScript API function allows for writing arbitrary files to the file system. This issue was fixed in version 4.3.1.0218. Note: This exploit currently uses the All Users directory, which requires administrator privileges to write to. This means an administrative user has to open the file for the exploit to be successful. Kind of lame but that's how it goes sometimes in the world of file write bugs.
-
-
18:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 998-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri Gribenko discovered that Thunderbird did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.
-
-
18:00
»
Packet Storm Security Recent Files
The Rekonq web browser is vulnerable to JavaScript injection in a number of components of the user interface. Depending on the exact component affected, this can lead to JavaScript being executed in a number of contexts, which in the worst case could allow an arbitrary web site to be spoofed or even for the JavaScript to be executed in an arbitrary context.
-
-
17:01
»
Packet Storm Security Recent Files
Apache CouchDB versions prior to version 0.11.1 are vulnerable to cross-site request forgery (CSRF) attacks. A malicious website can POST arbitrary JavaScript code to well-known CouchDB installation URLs (like http://localhost:5984/) and make the browser execute the injected JavaScript in the security context of CouchDB's admin interface, Futon.