Lucene search

744 matches found

seebug.org
added 2010/01/27 12:0 a.m., 29 views

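Google Chrome Stylesheet Redirect Information Disclosure Vulnerability

BUGTRAQ ID: 37917 CVE ID: CVE-2010-0315 Google Chrome is an open-source web browser released by Google. Chrome follows stylesheet redirects and allows the target URL to be read. By placing a site's URL in the HREF attribute of a stylesheet LINK element and then reading the document.styleSheets[0].href property value, an attacker can discover the redirect's target URL. Google Chrome 3.0.195.38 Vendor patch: Google ------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.google.com...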

CVSS 5, AI score 8.4, EPSS 0.06894
Exploits: 2
OpenVAS
added 2010/01/20 12:0 a.m., 24 views

Apple Safari Multiple Vulnerabilities

This host is installed with Apple Safari Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafarimultvulnjan10.nasl 7174 2017-09-18 11:48:08Z asteins $ Apple Safari Multiple Vulnerabilities Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone...

CVSS 5, EPSS 0.07462
Exploits: 2, References: 2
Prion
added 2010/01/14 7:30 p.m., 22 views

Code injection

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the...

CVSS 5, AI score 6.7, EPSS 0.06894
Exploits: 2, References: 16, Affected Software: 1
UbuntuCve
added 2010/01/14 7:30 p.m., 19 views

CVE-2010-0314

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value...

CVSS 5, AI score 5.9, EPSS 0.07462
Exploits: 2, References: 3
CVE
added 2010/01/14 7:0 p.m., 50 views

CVE-2010-0314

The connected SSV entry (SSV:19008) documents CVE-2010-0314 as a redirect-target disclosure in Apple Safari: if a site URL is placed in the HREF of a stylesheet LINK element, a user’s session can read document.styleSheets[0].href to reveal the redirect URL. It notes Safari 4.0.4 and describes the...

CVSS 5, AI score 8.5, EPSS 0.07462
Exploits: 2, References: 6, Affected Software: 1
Cvelist
added 2010/01/14 7:0 p.m., 23 views

CVE-2010-0314

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value...

AI score 8.8, EPSS 0.07462
Exploits: 2, References: 6
Debian CVE
added 2010/01/14 7:0 p.m., 22 views

CVE-2010-0314

Removed by vendor...

CVSS 5, AI score 6.7, EPSS 0.07462
Exploits: 2
Debian CVE
added 2010/01/14 7:0 p.m., 22 views

CVE-2010-0315

Removed by vendor...

CVSS 5, AI score 6.7, EPSS 0.06894
Exploits: 2
Tenable Nessus
added 2009/09/24 12:0 a.m., 20 views

SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 747)

The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : - Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still...

CVSS 9.3, AI score 8.7, EPSS 0.10464
Exploits: 4, References: 7
Tenable Nessus
added 2009/09/24 12:0 a.m., 40 views

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)

The Mozilla Firefox Browser was refreshed to the current MOZILLA18 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in...

CVSS 10, AI score 8.8, EPSS 0.10464
Exploits: 4, References: 19
Tenable Nessus
added 2009/07/21 12:0 a.m., 21 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)

The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method moveToEdgeShift was in some cases triggering garbage collection routines...

CVSS 9.3, AI score 8.7, EPSS 0.10464
Exploits: 4, References: 3
Atlassian
added 2009/06/26 2:5 a.m., 14 views

XSS in PDF screen

The "PDF Export Stylesheet" field is not encoded...

AI score 1.6
Exploits: 0, Affected Software: 1
Atlassian
added 2009/06/26 2:5 a.m., 19 views

XSS in PDF screen

The "PDF Export Stylesheet" field is not encoded...

AI score 1.6
Exploits: 0, Affected Software: 1
Prion
added 2009/06/10 6:0 p.m., 26 views

Design/Logic Flaw

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...

CVSS 7.1, AI score 6.6, EPSS 0.29098
Exploits: 3, References: 17, Affected Software: 4
NVD
added 2009/06/10 6:0 p.m., 14 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...

CVSS 7.5, AI score 7.1, EPSS 0.29098
Exploits: 3, References: 17
CVE
added 2009/06/10 5:37 p.m., 94 views

CVE-2009-1699

The CVE-2009-1699 entry is confirmed in connected documents as a WebKit XXE vulnerability: qt4-x11 uses WebKit’s XSL stylesheet processing and does not properly handle XML external entities, enabling remote file disclosure via a crafted DTD (e.g., file:///… paths). Affected product/kit: Qt4-x11 w...

CVSS 7.5, AI score 6.9, EPSS 0.29098
Exploits: 3, References: 17, Affected Software: 2
Cvelist
added 2009/06/10 5:37 p.m., 35 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...

AI score 7.1, EPSS 0.29098
Exploits: 3, References: 17
UbuntuCve
added 2009/04/22 12:0 a.m., 27 views

CVE-2009-1302

The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2)...

CVSS 5, AI score 7.2, EPSS 0.029
Exploits: 1, References: 2
Tenable Nessus
added 2009/04/21 12:0 a.m., 62 views

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)

The Mozilla Firefox Browser was refreshed to the current MOZILLA18 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in...

CVSS 10, AI score 8.9, EPSS 0.10464
Exploits: 4, References: 7
OpenVAS
added 2009/04/20 12:0 a.m., 21 views

SUSE: Security Advisory for MozillaFirefox (SUSE-SA:2009:022)

The remote host is missing updates announced in advisory SUSE-SA:2009:022. Copyright (C) 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

CVSS 9.3, AI score 9.8, EPSS 0.10464
Exploits: 4, References: 1