Lucene search

695 matches found

Tenable Nessus
added 2009/10/07 12:0 a.m. | 39 views

SuSE9 Security Update : epiphany (YOU Patch Number 12519)

This update brings the Mozilla SeaMonkey Suite packages to the current stable release 1.1.17. Due to the major version update some incompatibilities might appear. It fixes all currently published security issues, including but not limited to : - Same-origin violations when Adobe Flash loaded via...

CVSS 9.3 | AI score 8.9 | EPSS 0.09282
Exploits: 7 | References: 20

Opera Security Advisories
added 2009/06/10 12:0 a.m. | 29 views

Random number generator and input name linebreaks can be used to send custom data to other sites

Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the...

AI score 0.9
Exploits: 0 | References: 1 | Affected Software: 1

Opera Security Advisories
added 2009/06/10 12:0 a.m. | 7 views

Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories

Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories OPCOM Team | June 10, 2009 Severity Moderately severe Problem description Input names can contain line breaks when data is sent using POST. Suitable use of the random numbe...

AI score 5.7
Exploits: 0 | References: 1

Debian
added 2009/05/09 1:0 p.m. | 29 views

[SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1797-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 09, 2009 http://www.debian.org/security/faq -...

CVSS 6.8 | AI score 7.2 | EPSS 0.05565
Exploits: 5

OpenVAS
added 2009/04/28 12:0 a.m. | 37 views

RedHat Security Advisory RHSA-2009:0436

The remote host is missing updates announced in advisory RHSA-2009:0436. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content...

CVSS 6.8 | AI score 10 | EPSS 0.05565
Exploits: 6 | References: 3

securityvulns
added 2009/04/23 12:0 a.m. | 61 views

Mozilla Foundation Security Advisory 2009-21

Mozilla Foundation Security Advisory 2009-21 Title: POST data sent to wrong site when saving web page with embedded frame Impact: Low Announced: April 21, 2009 Reporter: Paolo Amadini Products: Firefox, SeaMonkey Fixed in: Firefox 3.0.9 SeaMonkey 1.1.17 Description Developer and Mozilla community...

CVSS 4.3 | AI score 0.4 | EPSS 0.02313
Exploits: 1

Prion
added 2009/04/22 6:30 p.m. | 25 views

Code injection

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame...

CVSS 4.3 | AI score 6.5 | EPSS 0.02313
Exploits: 1 | References: 28 | Affected Software: 2

CVE
added 2009/04/22 6:0 p.m. | 131 views

CVE-2009-1311

CVE-2009-1311 affects Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17. A web page with an embedded frame can cause POST data from the outer page to be sent to the inner frame’s URL during SAVEMODE_FILEONLY saves, exposing sensitive information. The MiracleLinux/Tenable entry confirms thi...

CVSS 4.3 | AI score 9 | EPSS 0.02313
Exploits: 1 | References: 28 | Affected Software: 2

RedHat Linux
added 2009/04/22 1:40 a.m. | 44 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...

CVSS 6.8 | AI score 7.5 | EPSS 0.05565
Exploits: 6 | References: 14

RedHat Linux
added 2009/04/22 1:40 a.m. | 2 views

Firefox POST data sent to wrong site when saving web page with embedded frame

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame...

CVSS 4.3 | AI score 7.4 | EPSS 0.02313
Exploits: 1 | References: 4

Tenable Nessus
added 2009/04/22 12:0 a.m. | 37 views

RHEL 4 / 5 : firefox (RHSA-2009:0436)

The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0436 advisory. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were...

CVSS 6.8 | AI score 8.8 | EPSS 0.05565
Exploits: 6 | References: 28

Tenable Nessus
added 2009/04/22 12:0 a.m. | 50 views

FreeBSD : mozilla -- multiple vulnerabilities (3b18e237-2f15-11de-9672-0030843d3802)

Mozilla Foundation reports : MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites MFSA 2009-19: Same-origin...

CVSS 6.8 | AI score 8.4 | EPSS 0.05565
Exploits: 6 | References: 21

Mozilla
added 2009/04/21 12:0 a.m. | 29 views

POST data sent to wrong site when saving web page with embedded frame — Mozilla

Developer and Mozilla community member Paolo Amadini reported that when saving the inner frame of a web page as a file when the outer page has POST data associated with it, the POST data will be incorrectly sent to the URL of the inner frame. This could potentially result in a user's sensitive da...

CVSS 4.3 | AI score 1.9 | EPSS 0.02313
Exploits: 1 | References: 2 | Affected Software: 2

securityvulns
added 2008/10/24 12:0 a.m. | 54 views

flashchat severe bug

File: connection.php if ChatServer::userInRole$this-userid, ROLEADMIN || ChatServer::userInRole$this-userid, ROLEMODERATOR || $req's' == 7 -- bypass line This piece of code allows a normal user to bypass role filtering and to be granted admin role as a normal user. To exploit the vulnerability...

AI score 1.2
Exploits: 0

NVD
added 2008/03/10 5:44 p.m. | 16 views

CVE-2008-1245

cgi-bin/setupvirtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header...

CVSS 7.8 | AI score 6.7 | EPSS 0.03184
Exploits: 2 | References: 5

RedHat Linux
added 2007/10/03 3:47 p.m. | 23 views

Moderate: Red Hat Security Advisory: elinks security update

An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ELinks is a text mode Web browser used from the command line that supports...

CVSS 4.3 | AI score 5.6 | EPSS 0.02599
Exploits: 0 | References: 2

RedHat Linux
added 2007/10/03 3:47 p.m. | 5 views

elinks reveals POST data to HTTPS proxy

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

CVSS 4.3 | AI score 5.9 | EPSS 0.02599
Exploits: 0 | References: 4

OSV
added 2007/09/21 8:17 p.m. | 2 views

DEBIAN-CVE-2007-5034

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

CVSS 4.3 | AI score 6.5 | EPSS 0.02599
Exploits: 0 | References: 1

OSV
added 2007/08/07 10:17 a.m. | 4 views

DEBIAN-CVE-2007-4174

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...

CVSS 5.8 | AI score 7.2 | EPSS 0.0621
Exploits: 0 | References: 1

Cvelist
added 2007/08/07 10:0 a.m. | 27 views

CVE-2007-4174

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...

AI score 6.6 | EPSS 0.0621
Exploits: 0 | References: 9