49 matches found
Hedgedoc 跨站脚本漏洞
HedgeDoc is a platform for writing and sharing Markdown. cross-site scripting vulnerabilities exist in versions of HedgeDoc prior to 1.9.0. An attacker could exploit the vulnerability by embedding an iframe hosting malicious code into a slideshow or embedding a HedgeDoc instance into another page...
McAfee Web Gateway Input Validation Error Vulnerability
McAfee Web Gateway MWG is a security gateway product from McAfee USA. The product provides threat protection, application control, and data loss prevention. An input validation error vulnerability exists in the administrator web console in McAfee MWG versions 7.8.2.x prior to 7.8.2.12, which can ...
PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability CVE-2019-1105 that impacted over 100 million users. However, at that time, very few details of the flaw were available in the...
chromium-browser: extensions web accessible resources bypass
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
UBUNTU-CVE-2015-2718
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...
90000 web pages infected by mass iFrame attack
90000 web pages infected by mass iFrame attack Security Experts Wayne Huang, Chris Hsiao, NightCola Lin discovered that more than 90000 web pages are infected by mass iFrame attack. There's been a mass scale injection ongoing recently, with the injected iframe pointing to willysy.com . Just Try a...
90000 web pages infected by mass iFrame attack
90000 web pages infected by mass iFrame attack Security Experts Wayne Huang, Chris Hsiao, NightCola Lin discovered that more than 90000 web pages are infected by mass iFrame attack. There's been a mass scale injection ongoing recently, with the injected iframe pointing to willysy.com . Just Try a...
Massive iFrame Attack Hits More than 90,000 Pages
Researchers have discovered a massive iframe injection campaign that has infected more than 90,000 Web pages. Researchers at Armorize said the injected scripts redirect users to malicious Web domains that is launching attacks targeting known vulnerabilities in Java, Adobe’s PDF, Microsoft’s...
Opera Web Browser 7.5 - Resource Detection
Opera Web Browser 7.5 - Resource Detection source: https://www.securityfocus.com/bid/10961/info Opera Web Browser is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within t...