236 matches found
Oxide file picker memory misreference vulnerability
Oxide is a library that supports embedding Chromium the engine used by Google Chrome based WebView in applications. A memory misreference vulnerability exists in the file picker implementation of Oxide prior to version 1.6.5. A remote attacker could exploit this vulnerability via a specially...
CVE-2015-1321
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted webpage...
CVE-2015-1321
CVE-2015-1321 affects Oxide’s file picker: a use-after-free in the file picker before 1.6.5 can allow remote attackers to crash or potentially execute arbitrary code via a crafted webpage. Upgrade to Oxide 1.6.5+ to fix; apply vendor patches as available.
CVE-2015-1321
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted webpage...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2570-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2570-1 advisory. An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially...
USN-2570-1: Oxide vulnerabilities
An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...
UBUNTU-CVE-2015-1321
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted webpage...
CVE-2015-1321
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted webpage...
CVE-2013-1833
Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
CVE-2013-1833
CVE-2013-1833 affects Moodle’s File Picker module across Moodle 2.x: vulnerable in 2.1.x up to 2.1.10; 2.2.x prior to 2.2.8; 2.3.x prior to 2.3.5; and 2.4.x prior to 2.4.2. Root cause is cross-site scripting via crafted filenames, exploitable by remote authenticated users. Impact is XSS in authen...
CVE-2013-1833
Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
UBUNTU-CVE-2013-1833
Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
CVE-2012-5471
The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout...
Design/Logic Flaw
The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout...
CVE-2012-5471
The vulnerability CVE-2012-5471 affects Moodle’s Dropbox Repository File Picker in Moodle 2.1.x (before 2.1.9), 2.2.x (before 2.2.6), and 2.3.x (before 2.3.3). It allows remote authenticated users to access another user’s Dropbox by using an unattended workstation after logout. The issue is addre...