Lucene search
K

534 matches found

nvd
nvd
added 2018/06/11 9:29 p.m.14 views

CVE-2017-7842

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox 57...

5.3CVSS5AI score0.01565EPSS
Exploits0References4
osv
osv
added 2018/06/11 9:29 p.m.5 views

CVE-2017-7842

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox 57...

5.3CVSS5.8AI score0.01565EPSS
Exploits0References4
prion
prion
added 2018/06/11 9:29 p.m.18 views

Code injection

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox 57...

5CVSS6.3AI score0.01565EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2018/06/11 9:0 p.m.20 views

CVE-2017-7842

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox 57...

6.4AI score0.01565EPSS
Exploits0References4
cve
cve
added 2018/06/11 9:0 p.m.122 views

CVE-2017-7842

CVE-2017-7842 describes a bug in Firefox where, when a document uses Referrer Policy: no-referrer, some cases cause two network requests for a element instead of one; one request may still include a referrer, bypassing the policy. Affected product: Firefox versions earlier than 57. The issue is ...

5.3CVSS6.2AI score0.01565EPSS
Exploits0References4Affected Software1
debiancve
debiancve
added 2018/06/11 9:0 p.m.16 views

CVE-2017-7842

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox 57...

5.3CVSS7.7AI score0.01565EPSS
Exploits0
openvas
openvas
added 2018/01/24 12:0 a.m.52 views

Mozilla Firefox Security Advisories (MFSA2018-02, MFSA2018-03) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

10CVSS7.8AI score0.20024EPSS
Exploits0References1
nessus
nessus
added 2018/01/24 12:0 a.m.45 views

FreeBSD : mozilla -- multiple vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)

Mozilla Foundation reports : CVE-2018-5091: Use-after-free with DTMF timers CVE-2018-5092: Use-after-free in Web Workers CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory...

10CVSS7.4AI score0.20024EPSS
Exploits0References35
ubuntucve
ubuntucve
added 2017/11/15 12:0 a.m.20 views

CVE-2017-7842

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox 57...

5.3CVSS6.8AI score0.01565EPSS
Exploits0References3
cnvd
cnvd
added 2017/10/12 12:0 a.m.4 views

Umbraco CMS XML External Entity Vulnerability

Umbraco is the leading open source Microsoft ASP.NET CMS. An XML external entity vulnerability exists in Umbraco CMS, which could allow an attacker to obtain sensitive information by reading files on the server or sending TCP requests to an intranet host...

5.5CVSS5.2AI score0.0106EPSS
Exploits0References1
cnvd
cnvd
added 2017/08/07 12:0 a.m.3 views

Eaton ELCSoft ELCSimulator Stack Buffer Overflow Vulnerability

Eaton ELCSoft is programmable logic control software. Eaton ELCSoft has a stack buffer overflow vulnerability in ELCSimulator.exe's handling of network TCP requests, which can be exploited by remote attackers to execute arbitrary code...

8AI score
Exploits0References1
bdu_fstec
bdu_fstec
added 2016/09/07 12:0 a.m.9 views

The vulnerability of the ColdFusion interpreter allows attackers to read arbitrary files or send TCP requests to servers in the internal network.

The vulnerability of the Office Open XML OOXML file format in ColdFusion is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows an attacker to remotely read arbitrary files or send TCP requests to internal server networks using a specially...

6.4CVSS7.7AI score0.69044EPSS
Exploits7References3
bdu_fstec
bdu_fstec
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the SeaMonkey software package, which allows a malicious attacker to execute arbitrary code.

The SeaMonkey software contains a vulnerability in the nsDocShell::InternalLoad function. Exploiting this vulnerability allows an attacker to execute arbitrary code by performing cross-site scripting attacks using specially crafted network requests...

4.3CVSS7.3AI score0.01666EPSS
Exploits0References4
kaspersky
kaspersky
added 2016/06/07 12:0 a.m.67 views

KLA10822 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, elevate privileges, cause denial of service, conduct XSS or obtain sensitive information. Below is a complete list of...

9.3CVSS10AI score0.23957EPSS
Exploits7References16
archlinux
archlinux
added 2016/02/13 12:0 a.m.44 views

firefox: same-origin policy bypass

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

6.8CVSS8.5AI score0.01503EPSS
Exploits0References2
openvas
openvas
added 2016/02/12 12:0 a.m.22 views

Ubuntu: Security Advisory (USN-2893-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.7AI score0.01503EPSS
Exploits0References2
freebsd
freebsd
added 2016/02/11 12:0 a.m.32 views

firefox -- Same-origin-policy violation using Service Workers with plugins

The Mozilla Foundation reports: MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a servic...

8.8CVSS3.4AI score0.01503EPSS
Exploits0References1
openvas
openvas
added 2015/07/01 12:0 a.m.25 views

Debian Security Advisory DSA 3298-1 (jackrabbit - security update)

It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as https or file. Dependi...

6.4CVSS0.51488EPSS
Exploits6References1
exploitpack
exploitpack
added 2014/10/07 12:0 a.m.24 views

HttpCombiner ASP.NET - Remote File Disclosure

HttpCombiner ASP.NET - Remote File Disclosure Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage:...

7.5AI score
Exploits0
hackerone
hackerone
added 2014/09/09 8:51 p.m.30 views

Internet Bug Bounty: Flash Local Sandbox Bypass

Vulnerability already reported to adobe issue 2833 and patched CVE-2014-0554 http://helpx.adobe.com/security/products/flash-player/apsb14-21.html First of all, note that the Adobe Security Bulletin notes: 'Bas Venis and Masato Kinugawa' for the acknowledgement of this CVE. The poc I have reported...

10CVSS5.7AI score0.06903EPSS
Exploits0
Rows per page
Query Builder