Lucene search
+L

121 matches found

NVD
NVD
added 2018/12/11 4:29 p.m.21 views

CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

5.7CVSS6AI score0.00443EPSS
Exploits0References6
OSV
OSV
added 2018/12/11 4:29 p.m.7 views

CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

5.7CVSS8AI score
Exploits0References6
Prion
Prion
added 2018/12/11 4:29 p.m.15 views

Design/Logic Flaw

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

2.9CVSS5.9AI score0.00443EPSS
Exploits0References6Affected Software5
UbuntuCve
UbuntuCve
added 2018/12/11 4:29 p.m.23 views

CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

5.7CVSS6.9AI score0.00443EPSS
Exploits0References1
CVE
CVE
added 2018/12/11 3:0 p.m.147 views

CVE-2018-18358

CVE-2018-18358 affects Chromium/Google Chrome prior to 71.0.3578.80, where WPAD handling fails to correctly treat localhost, enabling a local-network attacker to proxy localhost via a crafted WPAD file. Connected advisories (Arch, Debian) confirm this as an access restriction bypass in the Proxy ...

5.7CVSS5.8AI score0.00443EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2018/12/11 3:0 p.m.49 views

CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

5.7CVSS6.5AI score0.00443EPSS
Exploits0
Cvelist
Cvelist
added 2018/12/11 3:0 p.m.25 views

CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

6AI score0.00443EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2018/12/11 12:0 a.m.708 views

Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle

Chrome: malicious WPAD server can proxy localhost leading to XSS in http://localhost:/ VERSION Chrome Version: 70.0.3538.77 stable Operating System: Windows 10 version 1803 When Chrome is installed on Windows and the user joins a malicious network that advertises a WPAD script e.g. via DHCP, Chro...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/12/11 12:0 a.m.45 views

Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle Vulnerability

Exploit for windows platform in category local exploits Chrome: malicious WPAD server can proxy localhost leading to XSS in http://localhost:/ VERSION Chrome Version: 70.0.3538.77 stable Operating System: Windows 10 version 1803 When Chrome is installed on Windows and the user joins a malicious...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2018/12/05 6:54 p.m.23 views

CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

6.5CVSS3.7AI score0.00443EPSS
Exploits0References2
CERT
CERT
added 2018/09/05 12:0 a.m.762 views

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

Overview Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Description The Web Proxy...

7.6CVSS6.9AI score0.5389EPSS
Exploits12References2
exploitpack
exploitpack
added 2018/08/28 12:0 a.m.28 views

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free alert'start'; var vars = ; var r = new RegExp; forvar i=0; i20000; i++ varsi =...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/08/28 12:0 a.m.91 views

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free Exploit

Exploit for windows platform in category dos / poc alert'start'; var vars = ; var r = new RegExp; forvar i=0; i20000; i++...

6.8AI score0.6769EPSS
Exploits2
Exploit DB
Exploit DB
added 2018/08/28 12:0 a.m.46 views

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free

alert'start'; var vars = ; var r = new RegExp; forvar i=0; i20000; i++ varsi = "aaaaa"; r.lastIndex = "aaaaa"; for...

7.4AI score
Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.5 views

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

5.9CVSS6.8AI score0.01521EPSS
Exploits1References5
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.35 views

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

6.6AI score0.01521EPSS
Exploits1References5
CVE
CVE
added 2018/06/11 9:0 p.m.136 views

CVE-2017-5384

CVE-2017-5384 : Information disclosure via Proxy Auto-Config (PAC) in Firefox

5.9CVSS6.5AI score0.01521EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.25 views

CVE-2017-5384

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

5.9CVSS7.8AI score0.01521EPSS
Exploits1
CNVD
CNVD
added 2017/12/21 12:0 a.m.3 views

Windows WPAD Service Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the WPAD service enabled by Windows by default, which can be exploited by an attacker to remotely control a Windows system and gain maximum privileges o...

7.2AI score
Exploits0References1
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.56 views

Windows: use-after-free in jscript!NameTbl::GetValDef(CVE-2017-11903)

There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery host and sending a malicious wpad.dat file to the victim. This works...

7.6CVSS7.8AI score0.46179EPSS
Exploits4
Rows per page
Query Builder