44 matches found
Information Exposure
follow-redirects is vulnerable to Information Exposure. The vulnerability is due to improper filtering of custom authentication headers during cross-domain redirects, which allows an attacker to obtain sensitive credentials forwarded to unintended domains...
Linux Distros Unpatched Vulnerability: CVE-2026-40895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP...
CC Switch security vulnerability
CC Switch is a multi-model command-line tool manager developed by Jason Young. Versions of CC Switch 3.12.3 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of unknown functions in the ProxyServer component’s file src-tauri/src/proxy/server.rs...
EUVD-2017-16827
Malware in sbrugna...
EUVD-2022-4889
Malicious code in bioql PyPI...
Malicious code in crossdomain-xhr (npm)
Source: ghsa-malware 3ab343d1f78365f0bc2589bd835b94aa0fd90723d8e80a9d0b774a3a99589b0f. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8717 Malicious code in crossdomain-xhr (npm)
Source: ghsa-malware 3ab343d1f78365f0bc2589bd835b94aa0fd90723d8e80a9d0b774a3a99589b0f. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2004-0905
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain...
SUSE CVE-2009-1106
The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948...
SUSE CVE-2009-1307
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify...
SUSE CVE-2016-1949
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...
chicagotribune.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-626914

| Description | Value |
|---|---|
| Affected Website: | chicagotribune.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | IAC Improper Access Control / CWE-284 |
| CVSSv3 Score: | 6.5... |
houkconsulting.com XSS vulnerability
Open Bug Bounty ID: OBB-467053

| Description | Value |
|---|---|
| Affected Website: | houkconsulting.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Chea... |
Hiro: Weak crossdomain.xml
The e-mail list management service used by Blockstack operated by MailChimp has a lenient cross-domain flash policy -- this is not a vulnerability, however, the crossdomain.xml used by the mailing service is more lenient than used by normal web services...
Socusoft: XSS in HTML Content Generated by Flash Slideshow Maker (All Versions)
The vulnerability identified does not exist within the software application itself, instead, the vulnerability presents itself within the application's exported files which end up hosted on an external web-server. Socusoft's Flash Slideshow Maker application has two configuration themes associate...
Flash Slideshow Maker Professional XSS / Content Forgery / Redirect
[ASCII-art banner omitted] C O N T A C T: Twitter: @ret2eax Email: [email protected] Blog:...
DLink DCS Series Cameras - Insecure Crossdomain Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version:...
PT-2017-17954 · D Link · Dcs-932Lb1 +7
Name of the Vulnerable Software and Affected Versions: D-Link DCS-933L versions prior to 1.13.05 D-Link DCS-5030L D-Link DCS-5020L D-Link DCS-2530L D-Link DCS-2630L D-Link DCS-930L D-Link DCS-932L D-Link DCS-932LB1 Description: The issue allows sites hosting malicious Flash objects to access and/...
Pornhub: Blind Stored XSS against Pornhub employees using Amateur Model Program
The researcher discovered a stored XSS attack vector via the amateur model settings page on Pornhub. I was able to turn Stored Self-XSS in the MPP Model Payment Program application input form field into the Blind Stored XSS without user interaction against employees who process the MPP...
U.S. Dept Of Defense: Video player on ███ allows arbitrary remote videos to be played
Summary: A Flash video player hosted on ███████ can be provided with an arbitrary remote XML file via the url query string parameter. Description: The Flash video player http://█████/shared/widgets/popup.asp uses the url query string parameter as an address to fetch an RSS feed type XML document...