The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. Date...
Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2016-06-04 https://srd.wordpress.org/plugins/markdown-on-save-improved/changelog/ http://jvn.jp/en/jp/JVN26026353/index.html
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of...
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service...
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application...
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. Date published : 2016-06-04 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp
Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2016-06-04 http://web.arena.ne.jp/support/news/2016/0208.html http://web.arena.ne.jp/support/news/2016/0208_2.html
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Date published : 2016-06-04 https://github.com/humhub/humhub/releases/tag/v1.0.0-beta.3 http://jvn.jp/en/jp/JVN56167268/index.html
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Date published : 2016-06-04 http://www.kobe-beauty.co.jp/php-contact-form/ https://github.com/kobebeauty/php-contact-form/commit/e7d094ca8ab15215c32d6fa04d17e8519c8d21cf
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. Date published : 2016-06-04 http://www.futomi.com/library/info/2016/201605.html http://jvn.jp/en/jp/JVN42545812/index.html
Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2016-06-04 http://www.psl.ne.jp/perl/ml/index.html http://jvn.jp/en/jp/JVN43076390/index.html
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of...
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or...
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. Date published : 2016-06-03 https://support.lenovo.com/us/en/product_security/len_6718 https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters