Lucene search
K

53 matches found

CNVD
CNVD
added 2015/11/07 12:0 a.m.2 views

Mozilla Firefox and Firefox ESR Same Origin Policy Bypass Vulnerability

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. Mozilla Firefox incorrectly uses the CORS cross-origin request algorithm of the POST method to handle the server-side Content-Type header, and a remote attacker can exploit the vulnerability to...

7.5CVSS8.9AI score0.02841EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2015/11/04 12:0 a.m.33 views

CVE-2015-7193

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack...

7.5CVSS7.3AI score0.02841EPSS
Exploits0References4
CVE
CVE
added 2015/10/15 10:0 a.m.93 views

CVE-2015-6762

CVE-2015-6762 affects Chromium/Google Chrome engines prior to 46.0.2490.71. The vulnerability lies in the CSSFontFaceSrcValue::fetch path in Blink’s CSS font loading, where the CORS cross-origin request algorithm is not used for fonts with seemingly same-origin URLs, allowing a remote server to b...

7.5CVSS8.8AI score0.01697EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2015/10/15 10:0 a.m.24 views

CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...

9AI score0.01697EPSS
Exploits0References10
OSV
OSV
added 2015/10/15 12:0 a.m.5 views

UBUNTU-CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...

7.5CVSS7.3AI score0.01697EPSS
Exploits0References7
NVD
NVD
added 2015/08/16 11:59 p.m.14 views

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

5CVSS6.7AI score0.02754EPSS
Exploits0References8
Prion
Prion
added 2015/08/16 11:59 p.m.26 views

Cross site request forgery (csrf)

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

5CVSS5.7AI score0.02754EPSS
Exploits0References8Affected Software3
CVE
CVE
added 2015/08/16 11:0 p.m.71 views

CVE-2015-3752

The CVE-2015-3752 issue affects WebKit’s Content Security Policy handling in Safari (and underlying WebKit in iOS) prior to specific updates. The root cause is improper restriction of cookie transmission for CSP report requests, enabling potential leakage of cookies via cross-origin requests or p...

5CVSS6.9AI score0.02754EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2015/08/16 11:0 p.m.18 views

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

8AI score0.02754EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2015/08/16 12:0 a.m.22 views

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive...

5CVSS7.2AI score0.02754EPSS
Exploits0References6
seebug.org
seebug.org
added 2014/09/04 12:0 a.m.28 views

cmseasy csrf通过一个xss最后getshell

简要描述: 为什么我们要选择get类型的呢,因为get类型存储到数据库的时候触发时候管理员是察觉不到的,可以通过图片等进行操作,然后我们存储一个xss后门,这样一来,我们就可以加载一个远端的js,那么就各种无视token和referer了 详细说明: 开始我们先分析一段源代码: celive/admin/system.php:line:128-142: if$do == 'add' and $username != '' $password = addslashes$REQUEST'password'; $password = md5$password; $realname =...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/09/08 12:0 a.m.45 views

SeaMonkey < 2.0.7 Multiple Vulnerabilities

Binary data 5660.prm...

9.3CVSS9.7AI score0.22109EPSS
Exploits1References28
Debian CVE
Debian CVE
added 2010/08/19 8:0 p.m.40 views

CVE-2010-1760

Removed by vendor...

10CVSS6.6AI score0.02644EPSS
Exploits0
Rows per page
Query Builder