5098 matches found
CVE-2018-5142
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...
CVE-2018-5109
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This...
CVE-2018-5109
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This...
CVE-2017-5382
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox 51...
Design/Logic Flaw
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This...
Design/Logic Flaw
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...
CVE-2018-5109
CVE-2018-5109 : Firefox before 58 is vulnerable where an audio capture prompt can incorrectly display the origin. This can mislead users about which site requested audio capture. Affected: Firefox
CVE-2017-5382
CVE-2017-5382 affects Mozilla Firefox prior to 51.0. The feed preview for RSS feeds can expose internal errors/exceptions generated by privileged content, potentially revealing sensitive information. Rationale: described in the CVE entry and corroborated by multiple advisories (OpenSUSE/Mageia/Ub...
CVE-2018-5109
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This...
CVE-2018-5142
Technical details are not publicly provided in the provided documents. The vulnerability concerns Firefox before 59 and Media Capture and Streams API permission notifications, but no concrete exploit/vector/fix details are included here. Monitor for updates.
CVE-2017-5382
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox 51...
CVE-2018-5109
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This...
CVE-2018-5142
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...
CloudBees Jenkins GitHub Plugin Information Disclosure Vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . GitHub Plugin is used in one of the...
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture hashes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'rex/zip' class MetasploitModul...
CVE-2018-1000183
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2018-1000183
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2018-1000186
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
CSS Keylogger - Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS
Chrome extension and Express server that exploits keylogging abilities of CSS. To use SetupChrome extension 1. Download repository git clone https://github.com/maxchehab/CSS-Keylogging 2. Visit chrome://extensions in your browser or open up the Chrome menu by clicking the icon to the far right of...
Kangaroo Life App has a Bursting Vulnerability
Kangaroo Life App is a mobile lending software. Kangaroo Life APP has a blasting vulnerability. Attackers can log in to any account by grabbing packets and blasting CAPTCHA...