7 matches found
EUVD-2014-9295
Malware in sbrugna...
CVE-2024-34714
The CVE-2024-34714 entry affects the Hoppscotch Browser Extension (pre-0.35). The issue arises from an oversight during a change (commit d4e8e4830326f46ba17acd1307977ecd32a85b58) that allowed messages to be sent to the extension even when the origin was not present in the origin list, bypassing i...
Mail.ru: unclaimed subdomain special.rkeeper.ru to takeover from tilda.cc
Domain, site, application -- http://special.rkeeper.ru/ Testing environment -- OS version, browser information, settings and prerequisites to reproduce vulnerability, testing tools used, etc Steps to reproduce: 1. create account on tilda.cc 1. create a aproject then a domain will be assigned to...
X (Formerly Twitter): login csrf in analytics.mopub.com
Description: There is no csrftoken validation while logging in which leads to csrf. base request : POST /login HTTP/1.1 Host: analytics.mopub.com Connection: close Content-Length: 37 Accept: application/json, text/plain, / Origin: https://analytics.mopub.com User-Agent: Mozilla/5.0 Windows NT 10....
CVE-2019-9580
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3714-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3714-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...
openSUSE Security Update : seamonkey (openSUSE-2015-632)
seamonkey was updated to fix 25 security issues. These security issues were fixed : - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging 1 duplicate cache-key generation or 2 retrieval o...