7427 matches found
Uber: Reflected XSS on developer.uber.com via Angular template injection
developer.uber.com is vulnerable to reflected XSS via Angular template injection. The following url demonstrates the root issue using a trivial payload: https://developer.uber.com/docs/deep-linking?q=wrtz77 If you view the rendered source of the resulting page, you'll find the string 'wrtz49',...
The vulnerability of Google Chrome browser allows a violator to circumvent existing access restrictions.
The vulnerabilities of the browser/devtools/devtoolsuibindings.cc and WebKit/Source/devtools/frontend/Runtime.js functions within the Developer Tools subsystem of the Google Chrome browser are related to deficiencies in access control. Exploiting these vulnerabilities allows a malicious actor to...
Google Android N Preview — 6 Cool Features That You Should Know
Android N Developer Preview, an early beta of Google’s new mobile operating system that was expected to launch on Google I/O in mid-May, is unexpectedly launching right now. Android N Developer Preview for the Nexus 6P, Nexus 5X, Nexus 6, Pixel C Nexus 9, the Nexus Player and the General Mobile 4...
Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities
Exploit for php platform in category web applications Administrator optionsModify Current Theme" or use site.com/members/console.php?cID=61. You can then insert the PHP code of your choosing into Footer. In order to add or edit code you are required to provide a special Admin Key that was defined...
General Motors: XSS Vulnerability in developer.gm.com
The gm developer website contained a parameter that allowed XSS injection. The vulnerable input parameter has been identified and remediated...
Fedora 23 : subversion-1.9.3-1.fc23 (2015-afdb0e8aaa)
This update includes the latest stable release of Apache Subversion, version 1.9.3. User-visible changes: Client-side bugfixes: svn: fix possible crash in auth credentials cache cleanup: avoid unneeded memory growth during pristine cleanup diff: fix crash when repository is on server root fix...
Rogue Chinese iOS App Removed from App Store
Apple removed an iOS application from its Chinese iTunes App Store that allowed users of non-jailbroken iOS devices to install pirated and jailbroken apps. Researchers at Palo Alto Networks, who discovered the rogue application, said the app was not malicious, but presented a serious security ris...
Debian DSA-3486-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-1622 It was discovered that a maliciously crafted extension could bypass the Same Origin Policy. - CVE-2016-1623 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. - CVE-2016-1624 lukezli discover...
[SECURITY] [DSA 3486-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3486-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 21, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3486-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1622 It was discovered that a maliciously crafted extension could bypass the Same Origin Policy. CVE-2016-1623 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2016-1624 lukezli discovered a...
DSA-3486-1 chromium-browser - security update
Bulletin has no description...
LeaseWeb: Apache version disclosed on developer.leaseweb.com
HI For URL "http://developer.leaseweb.com/asdfadsf" apache version is disclosed in response header "Server" Connection: keep-alive Content-Encoding: gzip Content-Length: 174 Content-Type: text/html; charset=iso-8859-1 Date: Sat, 20 Feb 2016 05:11:18 GMT Server: Apache/2.4.7 Vary: User-Agent This...
JVN#31524757: EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote attacker. Solution Update the plugin Update to the latest version according to the information provided by the developer...
JVN#71428831: Cybozu Office vulnerable to open redirect
Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...
JVN#48720230: Cybozu Office access restriction bypass vulnerability
Cybozu Office contains an access restriction bypass vulnerability in multiple functions. Impact A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable. Solution...
Google Chrome Multiple Vulnerabilities (Feb 2016) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
JVN#69278491: Cybozu Office vulnerable to cross-site scripting
Cybozu Office contains a cross-site scripting vulnerability CWE-79 in multiple functions. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cyboz...
CVE-2016-1627
The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...
Design/Logic Flaw
The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...
CVE-2016-1627
Removed by vendor...