236 matches found

CNVD
added 2015/04/30 12:0 a.m. | 3 views

Oxide file picker memory misreference vulnerability

Oxide is a library that supports embedding a Chromium-based WebView (Chromium is the engine used by Google Chrome) in applications. A memory misreference vulnerability exists in the file picker implementation of Oxide prior to version 1.6.5. A remote attacker could exploit this vulnerability via a specially...

CVSS 6.8 | AI score 7.4 | EPSS 0.01992
Exploits: 0 | References: 1

NVD
added 2015/04/29 8:59 p.m. | 18 views

CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage...

CVSS 6.8 | AI score 7.8 | EPSS 0.01992
Exploits: 0 | References: 1

CVE
added 2015/04/29 8:0 p.m. | 73 views

CVE-2015-1321

CVE-2015-1321 affects Oxide’s file picker: a use-after-free in the file picker before 1.6.5 can allow remote attackers to crash or potentially execute arbitrary code via a crafted webpage. Upgrade to Oxide 1.6.5+ to fix; apply vendor patches as available.

CVSS 6.8 | AI score 8.1 | EPSS 0.01992
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2015/04/29 8:0 p.m. | 25 views

CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage...

AI score 7.8 | EPSS 0.01992
Exploits: 0 | References: 1

Tenable Nessus
added 2015/04/28 12:0 a.m. | 39 views

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2570-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2570-1 advisory. An issue was discovered in the HTML parser in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially...

CVSS 7.5 | AI score 9.1 | EPSS 0.02702
Exploits: 1 | References: 13

Ubuntu
added 2015/04/27 4:13 p.m. | 77 views

USN-2570-1: Oxide vulnerabilities

An issue was discovered in the HTML parser in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1235) An issue was discovered in the Web Audio API implementation in Blink. If a user were...

CVSS 7.5 | AI score 9 | EPSS 0.02702
Exploits: 1

OSV
added 2015/04/27 12:0 a.m. | 1 views

UBUNTU-CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage...

CVSS 6.8 | AI score 6.1 | EPSS 0.01992
Exploits: 0 | References: 3

UbuntuCve
added 2015/04/27 12:0 a.m. | 28 views

CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage...

CVSS 6.8 | AI score 6.2 | EPSS 0.01992
Exploits: 0 | References: 2

NVD
added 2013/03/25 9:55 p.m. | 31 views

CVE-2013-1833

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

CVSS 3.5 | AI score 7.5 | EPSS 0.01457
Exploits: 0 | References: 5

Prion
added 2013/03/25 9:55 p.m. | 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

CVSS 3.5 | AI score 5.5 | EPSS 0.01457
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2013/03/25 9:0 p.m. | 64 views

CVE-2013-1833

CVE-2013-1833 affects Moodle’s File Picker module across Moodle 2.x: vulnerable in 2.1.x up to 2.1.10; 2.2.x prior to 2.2.8; 2.3.x prior to 2.3.5; and 2.4.x prior to 2.4.2. Root cause is cross-site scripting via crafted filenames, exploitable by remote authenticated users. Impact is XSS in authen...

CVSS 3.5 | AI score 7.4 | EPSS 0.01457
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2013/03/25 9:0 p.m. | 35 views

CVE-2013-1833

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

AI score 7.7 | EPSS 0.01457
Exploits: 0 | References: 5

OSV
added 2013/03/11 4:0 a.m. | 2 views

UBUNTU-CVE-2013-1833

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

CVSS 3.5 | AI score 5.8 | EPSS 0.01457
Exploits: 0 | References: 2

UbuntuCve
added 2012/11/21 12:55 p.m. | 16 views

CVE-2012-5471

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout...

CVSS 6.5 | AI score 5.9 | EPSS 0.01265
Exploits: 0 | References: 4

Prion
added 2012/11/21 12:55 p.m. | 11 views

Design/Logic Flaw

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout...

CVSS 6.5 | AI score 6.6 | EPSS 0.01265
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2012/11/21 11:0 a.m. | 47 views

CVE-2012-5471

The vulnerability CVE-2012-5471 affects Moodle’s Dropbox Repository File Picker in Moodle 2.1.x (before 2.1.9), 2.2.x (before 2.2.6), and 2.3.x (before 2.3.3). It allows remote authenticated users to access another user’s Dropbox by using an unattended workstation after logout. The issue is addre...

CVSS 6.5 | AI score 6.1 | EPSS 0.01265
Exploits: 0 | References: 4 | Affected Software: 1