16 matches found
HyperView Geoportal Toolkit Security Vulnerability
HyperView Geoportal Toolkit is a browser-based map application from HyperView, Inc. A security vulnerability exists in HyperView Geoportal Toolkit version 8.2.4 and prior versions, which arises from an unrestricted cross-domain request for remote content pointed to by a GET request parameter,...
GHSA-9PHH-R37V-34WH lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files
Impact: The browser renders the resulting HTML when opening a direct link to an HTML file via lakeFS. Any JavaScript within that page is executed within the context of the domain lakeFS is running in. An attacker can inject a malicious script inline, download resources from another domain, or make...
Veritas Technologies Appliance Cross-Site Scripting Vulnerability
Veritas Technologies Appliance is an application from Veritas Technologies, USA. A security vulnerability exists in Veritas Technologies Appliance version v4.1.0.1. An attacker can exploit the vulnerability to send requests to a completely different domain/IP address...
The vulnerability of the Windows operating system’s DNS server, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of the Windows operating system’s DNS server relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted DNS request...
Cross-Domain Request Through Insecure JSONP Defaults
spring-webmvc is vulnerable to cross-domain requests. The vulnerability exists as JSONP is enabled through the jsonp and callback JSONP parameters in MappingJackson2JsonView by default...
Paragon Initiative Enterprises: Cross-domain AJAX request
Hi Paragonie Team, While reviewing your website I discovered that there are Cross-domain AJAX requests being sent, though you are implementing Content-Security-Policy header but Internet Explorer uses experimental X-Content-Security-Policy header according to Wikipedia info...
DEBIAN-CVE-2015-3294
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request...
Dnsmasq 'setup_reply()' Denial of Service Vulnerability
DNSmasq is a small and handy tool for configuring DNS and DHCP for small networks that provides DNS functionality and optional DHCP functionality. Dnsmasq suffers from a denial of service vulnerability in its implementation, which can be exploited by a remote user to read the contents of process...
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6879)
This update of acroread fixes : - Cross-domain request vulnerability CVE-2010-0188: CVSS v2 Base Score: 6.8 An unspecified vulnerability that possibly allowed remote code execution. CVE-2010-0186: CVSS v2 Base Score: 5.8 (C) Tenable Network Security, Inc. The text description of...
SuSE 10 Security Update : flash-player (ZYPP Patch Number 6844)
The following bug has been fixed: Insufficient checks in flash-player allowed malicious flash applets to create illegal cross-domain requests CVE-2010-0186. The update also fixes a denial of service condition. CVE-2010-0187 (C) Tenable Network Security, Inc. The text description...
SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 2065)
This update of acroread fixes : - Cross-domain request vulnerability. CVE-2010-0186 : CVSS v2 Base Score: 5.8 - An unspecified vulnerability that possibly allowed remote code execution. CVE-2010-0188 : CVSS v2 Base Score: 6.8 (C) Tenable Network Security, Inc. The descriptive te...
SuSE 11 Security Update : flash-player (SAT Patch Number 1977)
The following bug has been fixed : Insufficient checks in flash-player allowed malicious flash applets to create illegal cross-domain requests CVE-2010-0186. The update also fixes a denial of service condition. CVE-2010-0187 (C) Tenable Network Security, Inc. The descriptive tex...
openSUSE Security Update : flash-player (flash-player-1970)
Insufficient checks in flash-player allowed malicious flash applets to create illegal cross-domain requests CVE-2010-0186. The update also fixes a denial of service condition CVE-2010-0187. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Important: Red Hat Security Advisory: flash-plugin security update
An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The flash-plugin package contains a Mozilla Firefox compatible...
CSRF: don't underestimate my damage and ability to attack-vulnerability warning-the black bar safety net
Author: iceskysl Source: IceskYsl@1sters! CSRF as an attack method was proposed long ago, around 2006, but this sleeping giant of an attack has only recently come gradually into our line of sight. What is CSRF, and how much harm can it do in the end? Common use is the How to,...
Vulnerability in multiple web browsers allowing request spoofing attacks
Overview: Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page. In general, JavaScript only allows communication within the same domain ...