Lucene search
+L

67 matches found

exploitpack
exploitpack
added 2017/02/22 12:0 a.m.90 views

D-Link DCS Series Cameras - Insecure Crossdomain

D-Link DCS Series Cameras - Insecure Crossdomain Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on...

6.8CVSS0.4AI score0.04294EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/02/22 12:0 a.m.77 views

D-Link DCS Series Cameras - Insecure Crossdomain

Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on DCS-933L with firmware version 1.03. Other...

8.8CVSS7AI score0.04294EPSS
Exploits5
Hacker One
Hacker One
added 2016/09/01 6:58 a.m.43 views

Mail.ru: Same origin policy bypass on e.mail.ru via Cross-Site Flashing

Hello Mail.Ru Security Team, There is a Cross-Site Flashing vulnerability in e.mail.ru. this vulnerability is similar to XSS except it is Flash script execution. Ref : https://www.owasp.org/index.php/TestingforCrosssiteflashingOTG-CLIENT-008 This allow an attacker to execute requests to the...

0.1AI score
Exploits0
NVD
NVD
added 2016/02/13 2:59 a.m.18 views

CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

8.8CVSS8.4AI score0.01503EPSS
Exploits0References7
OSV
OSV
added 2016/02/13 2:59 a.m.3 views

DEBIAN-CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

8.8CVSS8.3AI score0.01503EPSS
Exploits0References1
Prion
Prion
added 2016/02/13 2:59 a.m.18 views

Design/Logic Flaw

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

6.8CVSS6.8AI score0.01503EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2016/02/13 2:0 a.m.126 views

CVE-2016-1949

CVE-2016-1949 affects Mozilla Firefox prior to 44.0.2 where Service Workers improperly interact with plugins, allowing remote attackers to bypass the Same-Origin Policy by a crafted site that triggers spoofed responses to NPAPI requests (e.g., crossdomain.xml). This is a network‑accessible vulner...

8.8CVSS8.2AI score0.01503EPSS
Exploits0References7Affected Software1
ArchLinux
ArchLinux
added 2016/02/13 12:0 a.m.44 views

firefox: same-origin policy bypass

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

6.8CVSS8.5AI score0.01503EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/02/11 12:0 a.m.27 views

CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

8.8CVSS7.2AI score0.01503EPSS
Exploits0References3
Mozilla
Mozilla
added 2016/02/11 12:0 a.m.56 views

Same-origin-policy violation using Service Workers with plugins — Mozilla

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

8.8CVSS8.5AI score0.01503EPSS
Exploits0References2Affected Software1
FreeBSD
FreeBSD
added 2016/02/11 12:0 a.m.32 views

firefox -- Same-origin-policy violation using Service Workers with plugins

The Mozilla Foundation reports: MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a servic...

8.8CVSS3.4AI score0.01503EPSS
Exploits0References1
Hacker One
Hacker One
added 2015/12/15 9:14 p.m.25 views

Imgur: risk of having secure=false in a crossdomain.xml

api.imgur.com permits SWF files on a non-HTTPS server to load data from this HTTPS server. Setting the secure attribute to false could compromise the security offered by HTTPS. In particular, setting this attribute to false opens secure content to snooping and spoofing attacks. The...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2015/11/27 2:56 a.m.56 views

ok.ru: Same-Origin Policy Bypass #2

Hi, This is really similar issue to my previous report 102234 - exploitation mechanism is really same but other swf file is vulnerable. All conditions are met: - st.mycdn.me domain which is in ok.ru crossdomain.xml - Security.allowDomain'' - possibility to execute own SWF code provided by URL...

Exploits0
Hacker One
Hacker One
added 2015/10/29 11:54 p.m.41 views

Bumble: crossdomain.xml too permissive on eu1.badoo.com, us1.badoo.com, etc.

Description The file crossdomain.xml that is hosted at https://eu1,us1,etc.badoo.com/crossdomain.xml is too permissive in the scope of allowed domains to access the content in the domain using Flash. When you contact Badoo via https://us1.badoo.com/feedback/, you can upload a file. This file can ...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2015/10/01 10:39 a.m.38 views

Imgur: Crossdomain.xml settings on api.imgur.com too open

The crossdomain.xml file hosted at http://api.imgur.com/crossdomain.xml was too open. This allowed SWF files to make HTTP requests and see it's response. If this was not changed, then attacker.com can embed a SWF on attacker.com/example.html that makes an HTTP request to http://api.imgur.com/. Th...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2015/02/12 12:35 a.m.48 views

Mail.ru: Same Origin Policy bypass

Hi, After small investigation I've probably found something that can be exploited to bypass Same Origin Policy on mail.ru services specially your main domain and e.mail.ru. First of all - let's take a look about your crossdomain.xml both for mail.ru and e.mail.ru: After time spent on searching...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2015/01/09 5:49 a.m.29 views

Vimeo: Misconfigured crossdomain.xml - vimeo.com

An overly permissive crossdomain.xml file on a domain that serves sensitive content is a major security risk. It exposes the domain hosting the improperly configured crossomain.xml file to information disclosure and request forgery. Attackers cannot only forge requests, they can read responses...

6.7AI score
Exploits0
CVE
CVE
added 2014/07/25 7:0 p.m.51 views

CVE-2014-2227

The CVE-2014-2227 issue affects Ubiquiti Networks UniFi Video (AirVision Controller) before 3.0.1, where the default crossdomain.xml (Flash cross-domain policy) fails to restrict access, allowing remote attackers to bypass the Same Origin Policy via a crafted SWF file. This enables attacks such a...

6CVSS6.8AI score0.02173EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2014/07/25 12:0 a.m.36 views

Ubiquiti AirVision Controller 2.1.3 Weak Settings

----------- Vendor: ----------- Ubiquiti Networks http://www.ubnt.com/ ---------------------------------------------- Affected Products/Versions: ---------------------------------------------- AirVision Controller v2.1.3 Note: Previous versions may be affected ----------------- Description:...

6CVSS0.02173EPSS
Exploits2
exploitpack
exploitpack
added 2014/07/23 12:0 a.m.17 views

Ubiquiti Networks UniFi Video Default - crossdomain.xml Security Bypass

Ubiquiti Networks UniFi Video Default - crossdomain.xml Security Bypass source: https://www.securityfocus.com/bid/68866/info UniFi Video is prone to a security-bypass vulnerability. An authenticated attacker can exploit this issue to bypass certain security restrictions and perform unauthorized...

0.2AI score
Exploits0
Rows per page
Query Builder