4319 matches found

Prion
added 2014/03/03 4:50 a.m., 18 views

Design/Logic Flaw

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest...

7.5 CVSS, 7.2 AI score, 0.08196 EPSS
Exploits 1, References 5, Affected Software 2
Cvelist
added 2014/03/03 2:0 a.m., 21 views

CVE-2014-1884

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest...

6.6 AI score, 0.08196 EPSS
Exploits 1, References 5
CVE
added 2014/03/03 2:0 a.m., 52 views

CVE-2014-1884

CVE-2014-1884 affects Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7/8. The root cause is improper restriction of navigation events, which lets remote attackers bypass device-resource restrictions when content is accessed (1) inside an iframe or (2) via t...

7.5 CVSS, 6.8 AI score, 0.08196 EPSS
Exploits 1, References 5, Affected Software 1
myhack58
added 2014/02/18 12:0 a.m., 19 views

Then talk about DNS hijacking and other malicious acts - vulnerability warning - the black bar safety net

Over the past two years (2012-2013), 360 Navigation (http://hao.360.cn) came into contact with a large number of hijacking cases. By effect and purpose, hijacking is first divided into the following 2 categories: jump hijacking, in which a user accessing 360 Navigation is forced to jump to other...

7 AI score
Exploits 0
Prion
added 2014/01/29 5:37 a.m., 24 views

SQL injection

SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified...

6.5 CVSS, 8.1 AI score, 0.01554 EPSS
Exploits 1, References 5, Affected Software 1
Japan Vulnerability Notes
added 2014/01/28 5:40 a.m., 0 views

Multiple SQL injection vulnerabilities in Cybozu Garoon

Overview: Cybozu Garoon contains multiple SQL injection vulnerabilities. Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection. Note that this vulnerability is different from JVN60997973. Impact: A user who can log in to the...

6.5 CVSS, 8 AI score, 0.0104 EPSS
Exploits 0, References 7
NVD
added 2013/12/21 2:22 p.m., 22 views

CVE-2013-5411

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors...

4.3 CVSS, 6.5 AI score, 0.01168 EPSS
Exploits 0, References 3
Prion
added 2013/12/21 2:22 p.m., 18 views

Code injection

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors...

4.3 CVSS, 7 AI score, 0.01168 EPSS
Exploits 0, References 3, Affected Software 2
Cvelist
added 2013/12/11 3:0 p.m., 21 views

CVE-2013-5611

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation...

9.2 AI score, 0.02138 EPSS
Exploits 1, References 12
UbuntuCve
added 2013/12/11 12:0 a.m., 22 views

CVE-2013-5611

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation...

5.8 CVSS, 7.2 AI score, 0.02138 EPSS
Exploits 1, References 3
Check Point Advisories
added 2013/12/10 12:0 a.m., 3 views

Trimble Navigation SketchUp BMP File Code Execution (CVE-2013-3663)

A remote code execution vulnerability has been reported in Trimble Navigation's SketchUp...

7.4 AI score, 0.31864 EPSS
Exploits 1
Mozilla
added 2013/12/10 12:0 a.m., 33 views

Application Installation doorhanger persists on navigation — Mozilla

Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an...

5.8 CVSS, 4 AI score, 0.02138 EPSS
Exploits 1, References 2, Affected Software 1
Fedora
added 2013/12/09 2:0 a.m., 23 views

[SECURITY] Fedora 18 Update: php-symfony2-DomCrawler-2.2.10-1.fc18

The DomCrawler Component eases DOM navigation for HTML and XML documents...

5 CVSS, 0.7 AI score, 0.01868 EPSS
Exploits 0
NVD
added 2013/10/02 10:35 a.m., 13 views

CVE-2013-2908

Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code...

5 CVSS, 6 AI score, 0.01265 EPSS
Exploits 0, References 8
NVD
added 2013/10/02 10:35 a.m., 16 views

CVE-2013-2915

Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL...

4.3 CVSS, 6 AI score, 0.01147 EPSS
Exploits 0, References 8
Check Point Advisories
added 2013/09/22 12:0 a.m., 5 views

Trimble Navigation SketchUp BMP File Buffer Overflow (CVE-2013-3664)

A remote code execution vulnerability exists in Trimble Navigation's Sketchup...

7.3 AI score, 0.29778 EPSS
Exploits 1
UbuntuCve
added 2013/07/31 1:20 p.m., 28 views

CVE-2013-4996

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a...

4.3 CVSS, 6.8 AI score, 0.01832 EPSS
Exploits 0, References 3
Packet Storm
added 2013/07/25 12:0 a.m., 728 views

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Apache Struts 2...

9.3 CVSS, 0.7 AI score, 0.99998 EPSS
Exploits 18
OpenVAS
added 2013/07/12 12:0 a.m., 25 views

Mozilla Thunderbird Multiple Vulnerabilities - Oct 12 (Windows)

The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvulnoct12win.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - Oct 12 Windows Authors: Arun Kallavi Copyright:...

9.3 CVSS, 0.7 AI score, 0.03464 EPSS
Exploits 0, References 5
OpenVAS
added 2013/07/12 12:0 a.m., 27 views

Mozilla Seamonkey Multiple Vulnerabilities (Oct 2012) - Mac OS X

Mozilla Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 9.6 AI score, 0.03464 EPSS
Exploits 0, References 6