209 matches found
Mozilla: Cross-origin information leakage via redirected PDF requests
The Mozilla Foundation Security Advisory describes this flaw as: If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data...
Mozilla: Cross-origin information leakage via redirected PDF requests
The Mozilla Foundation Security Advisory describes this flaw as: If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data...
Mozilla Firefox 63.0.1 - Denial of Service Exploit
Exploit Title: Mozilla Firefox 63.0.1 - Denial of Service PoC Exploit Author: SAIKUMAR CHEBROLU Vendor Homepage: https://www.mozilla.org/en-US/firefox/new/ Bugzilla report: https://bugzilla.mozilla.org/showbug.cgi?id=1504512 Version: Firefox 63.0.1 Tested on: Windows 10 CVE : No CVE is been...
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Mozilla Firefox 63.0.1 - Denial of Service PoC Exploit Title: Mozilla Firefox 63.0.1 - Denial of Service PoC Date: 2018-11-29 Exploit Author: SAIKUMAR CHEBROLU Vendor Homepage: https://www.mozilla.org/en-US/firefox/new/ Bugzilla report: https://bugzilla.mozilla.org/showbug.cgi?id=1504512 Version:...
Internet Bug Bounty: Improper handling of Chunked data request in sapi_apache2.c leads to Reflected XSS
Hey, Chunked requests can trigger xss and html injection at any end point because the APRBRIGADEINSERTTAILbrigade, bucket is getting destroyed by other handlers. Affected versions: Any OS: Any https://bugs.php.net/bug.php?id=76 Prashanths-MacBook-Pro: prashanthvarma$ nc localhost 80 POST /lol.php...
pidgin: Heap-based buffer overflow when parsing chunked HTTP responses
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service application crash or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data...
Design/Logic Flaw
The HTTP Channel in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service NullPointerException via a large amount of chunked data that uses gzip compression...
CVE-2010-2328
The HTTP Channel in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service NullPointerException via a large amount of chunked data that uses gzip compression...
RealNetworks products fail to properly handle chunked data
Overview Numerous RealNetworks products do not properly handle chunked data. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and...