4319 matches found
CVE-2014-8068
Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information...
UBUNTU-CVE-2014-3197
The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a...
CLI Magic: I Didn’t Know That !
Command Editing Shortcuts Ctrl + a – go to the start of the command line Ctrl + e – go to the end of the command line Ctrl + k – delete from cursor to the end of the command line Ctrl + u – delete from cursor to the start of the command line Ctrl + w – delete from cursor to start of word i.e...
Fedora 20 : phpMyAdmin-4.2.6-1.fc20 (2014-8581)
phpMyAdmin 4.2.6.0 2014-07-17 - Undefined index warning with referenced column. - $cfg['MaxExactCount'] is ignored when BROWSING is back - Multi Column sorting improved user experience - Server validation does not work while in setup/mysqli - Undefined variable when...
A-Blog 2.0 - Multiple Remote File Include Vulnerabilities
No description provided by source. A-Blog v2.0 Remote File Include. Critical Level : Dangerous A-Blog...
Yahoo! Messenger 7.0/7.5 - Remote Search String Arbitrary Browser Navigation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19211/info Yahoo! Messenger is prone to a browser-navigation vulnerability that may permit a remote attacker to open a browser window on the victim user's computer to an arbitrary page. This issue occurs because the...
Browser Navigation Download Trick
No description provided by source. Another moderately interesting tidbit, I guess... It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate third-party...
Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23103/info Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error. An attacker may exploit this issue to execute local files. The attacker must entice a victim into...
AJ HYIP MERIDIAN (news.php id) Blind SQL Injection Vulnerability
No description provided by source. AJ HYIP MERIDIAN news.php id Blind SQL Injection Vulnerability bug found by Jose Luis Gongora Fernandez a.k.a JosS contact: sys-projectathotmail.com website: http://www.hack0wn.com/ - site: http://www.ajsquare.com/products/ajhyip/index.php - about AJ HYIP: AJ HY...
MGASA-2014-0275 Updated phpmyadmin packages fix CVE-2014-4349
Updated phpmyadmin packages fix security vulnerability: In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding or unhiding a crafted table name in the navigation, due to unescaped HTML output in the navigation items hiding feature. Note that this vulnerability can only be...
FreeBSD : phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names (c4892644-f8c6-11e3-9f45-6805ca0b3d42)
The phpMyAdmin development team reports : Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...
Self-XSS due to unescaped HTML output in navigation items hiding feature.
PMASA-2014-3 Announcement-ID: PMASA-2014-3 Date: 2014-06-20 Summary Self-XSS due to unescaped HTML output in navigation items hiding feature. Description When hiding or unhiding a crafted table name in the navigation, it is possible to trigger an XSS. Severity We consider this vulnerability to be...
phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...
Internet Explorer Developer Channel - Early Access to Next-Generation Features For Developers
In an effort to create more open and accessible atmosphere between the Internet Explorer team and the Web development community, Microsoft today announced the launch of The Developer Channel for Internet Explorer. Internet Explorer Developer Channel is a fully-functioning browser designed to...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1)
The Mozilla suite received the following security updates bnc783533 : Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. - MFSA 2012-88/CVE-2012-4191 bmo798045 Miscellaneous memory safety...
Cross site scripting
Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element...
CVE-2014-0362
Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element...
CVE-2014-0362
CVE-2014-0362 describes an XSS flaw in Google Search Appliance (GSA) where input reflected into a SCRIPT block becomes executable when dynamic navigation is enabled. Affected products are GSA versions earlier than 7.0.14.G.216 and 7.2 earlier than 7.2.0.G.114. The impact is remote script execu...
Service Worker - first draft published
The first draft of the service worker spec was published today! It's been a collaborative effort between Google, Samsung, Mozilla and others, and implementations for Chrome and Firefox are being actively developed. Anyone interested in the web competing with native apps should be excited by this...