3800 matches found
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
CVE-2 0 1 6-4 2 7 1:Flash local file system sandbox bypass-vulnerability warning-the black bar safety net
2 0 1 6 9 on 1 3 April, Adobe closed the local file system sandbox sandbox. Local file system sandbox in existence for twenty years after, finally be Adobe is closed, so that almost all of the use of this function in the Flash file needs to be updated. We will specifically explain this change in...
HackerOne: HackerOne Integrations Design Issue
Summary HackerOne Integrations Design Issue Description Include Impact This bug is similar to 170552. The HackerOne Integrations feature is very sensitive and can not be used with just a click, IMHO, or we can say "HackerOne users are a click away from giving to an attacker very sensitive...
CVE-2016-5947
IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
CVE-2016-5947
IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
Code injection
IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
CVE-2016-5947
IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
CVE-2016-5947
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 is affected by a clickjacking vulnerability that can be exploited by a remote, authenticated user via a crafted web site. The issue affects IBM Spectrum Control / Tivoli Storage Productivity Center 5.2.8–5.2.10...
IBM Spectrum Control and IBM Storage Insights Clickjacking Vulnerability
IBM Spectrum Control and IBM Storage Insights are both storage resource management software from IBM USA. A clickjacking vulnerability exists in IBM Spectrum Control versions 5.2.8 through 5.2.10.1 and IBM Storage Insights. A remote attacker could exploit this vulnerability by convincing a user t...
MyBB < 1.8.7 Multiple Vulnerabilities
MyBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb"; ifdescription...
Oxwall 1.8.0 Build 9900 Cross Site Scripting / Open Redirect
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Oxwall 1.8.0 build 9900 Fixed in: 1.8.2 Fixed Version Link: https://developers.oxwall.com/download Vendor Website: http://www.oxwall.org/ Vulnerability Type: XSS & Open Redirect Remote Exploitable: Yes Reported to vendor:...
Yelp: Clickjacking: X-Frame Header Missing
Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their...
chromium-browser: extensions web accessible resources bypass
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
chromium-browser: extensions web accessible resources bypass
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5162
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5162
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
Code injection
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5162
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...