Mac OS X versions 10.14.5 and below suffer from a Gatekeeper bypass vulnerability.
Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, WebSocket calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses PhantomJS to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
Tor Browser versions prior to 8.0 are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.
This write-up holds the details for the Tor Browser information disclosure vulnerability as discussed in CVE-2017-16541. Version 7.0.8 is affected.
Tor Browser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs, users on both systems can leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.
Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary JavaScript code without restrictions.
SquirrelMail versions 1.4.22 and below suffer from a remote code execution vulnerability.
Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.
Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.
Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, WebSocket calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses PhantomJS to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.
Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, WebSocket calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses PhantomJS to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
Symphony CMS version 2.6.5 suffers from remote file upload and remote SQL injection vulnerabilities.
ProjectSend version r582 suffers from authentication bypass, remote SQL injection, insecure direct object reference, and directory traversal / arbitrary file read vulnerabilities.
Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, WebSocket calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses PhantomJS to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.
DokuWiki version 2014-09-29c suffers from a persistent cross-site scripting vulnerability.
LogAnalyzer version 3.4.2 suffers from cross-site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.
OSClass versions 2.3.5 and below suffer from a directory traversal vulnerability.
OSClass version 2.3.4 suffers from cross-site scripting, remote file inclusion and remote SQL injection vulnerabilities.
Postfixadmin version 2.3.4 suffers from cross-site scripting and remote SQL injection vulnerabilities.
Mibew Messenger version 1.6.4 suffers from multiple cross-site scripting vulnerabilities.