4319 matches found
Design/Logic Flaw
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed 1 in an IFRAME element or 2 with the XMLHttpRequest...
CVE-2014-1884
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed 1 in an IFRAME element or 2 with the XMLHttpRequest...
CVE-2014-1884
CVE-2014-1884 affects Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7/8. The root cause is improper restriction of navigation events, which lets remote attackers bypass device-resource restrictions when content is accessed (1) inside an iframe or (2) via t...
Then talk about DNS hijacking and other malicious acts-vulnerability warning-the black bar safety net
The past two years2012-2013, the 3 6 0 navigationhttp://hao.360.cncome into contact with a large number of hijacking cases. First by hijacking the effect and purpose is divided into the following 2 categories: jump hijack that user access 3 6 0 navigation, is forced to jump to other...
Sql injection
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified...
Multiple SQL injection vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon contains multiple SQL injection vulnerabilities. Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection. Note that this vulnerability is different from JVN60997973. Impact A user who can log in to the...
CVE-2013-5411
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors...
Code injection
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors...
CVE-2013-5611
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation...
CVE-2013-5611
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation...
Trimble Navigation SketchUp BMP File Code Execution (CVE-2013-3663)
A remote code execution vulnerability has been reported in Trimble Navigation's SketchUp...
Application Installation doorhanger persists on navigation — Mozilla
Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an...
[SECURITY] Fedora 18 Update: php-symfony2-DomCrawler-2.2.10-1.fc18
The DomCrawler Component eases DOM navigation for HTML and XML documents...
CVE-2013-2908
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 aka No Content status code...
CVE-2013-2915
Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL...
Trimble Navigation SketchUp BMP File Buffer Overflow (CVE-2013-3664)
A remote code execution vulnerability exists in Trimble Navigation's Sketchup...
CVE-2013-4996
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted database name, 2 a crafted user name, 3 a crafted logo URL in the navigation panel, 4 a...
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Apache Struts 2...
Mozilla Thunderbird Multiple Vulnerabilities - Oct 12 (Windows)
The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvulnoct12win.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - Oct 12 Windows Authors: Arun Kallavi Copyright:...
Mozilla Seamonkey Multiple Vulnerabilities (Oct 2012) - Mac OS X
Mozilla Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...