112 matches found

Hacker One
added 2016/05/05 6:7 p.m., 56 views

Vimeo: OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing

Hello Vimeo Security Team, There is a vulnerability in api.vimeo.com/oauth which allows an attacker to gain full App privilege over a Vimeo victim user account without user approval, just by having the victim open a link to the attacker webpage. Proof of Concept link :...

7 AI score
Exploits 0

Hacker One
added 2016/05/05 1:26 p.m., 39 views

Vimeo: CSRF on Vimeo via cross site flashing leading to info disclosure and private videos go public

Hello Vimeo Security Team. There is a CSRF vulnerability on Vimeo.com. With this vulnerability, an attacker can make all the victim's vimeo videos go public just by having the victim open a link to the attacker webpage. He can also get the victim's vimeo name, user id, user account type and perfo...

6.8 AI score
Exploits 0

Tenable Nessus
added 2016/02/01 12:0 a.m., 21 views

FreeBSD : typo3 -- multiple vulnerabilities (a0d77bc8-c6a7-11e5-96d6-14dae9d210b8)

TYPO3 Security Team reports : It has been discovered that TYPO3 CMS is susceptible to Cross-Site Scripting and Cross-Site Flashing. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyrigh...

5.3 AI score
Exploits 0, References 8

OpenVAS
added 2016/01/19 12:0 a.m., 18 views

TYPO3 Multiple Vulnerabilities-01 (Jan 2016)

TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...

6.1 CVSS, 6 AI score, 0.00274 EPSS
Exploits 0, References 5

UbuntuCve
added 2016/01/08 7:59 p.m., 22 views

CVE-2015-8760

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."...

6.1 CVSS, 6.3 AI score, 0.00274 EPSS
Exploits 0, References 3

Cvelist
added 2016/01/08 7:0 p.m., 24 views

CVE-2015-8760

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."...

6.3 AI score, 0.00274 EPSS
Exploits 0, References 3

CVE
added 2016/01/08 7:0 p.m., 54 views

CVE-2015-8760

The CVE-2015-8760 issue affects TYPO3 6.2.x prior to 6.2.16, where the Flvplayer component can cause Cross-Site Flashing by embedding Flash videos from external domains via unspecified vectors. This vulnerability can allow remote attackers to load external media, with the impact described as pote...

6.1 CVSS, 6.2 AI score, 0.00274 EPSS
Exploits 0, References 3, Affected Software 1

Friends Of PHP
added 2015/12/15 11:38 a.m., 7 views

TYPO3 is susceptible to Cross-Site Flashing

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/...

7.2 AI score
Exploits 0, Affected Software 1

Typo3
added 2015/12/15 12:0 a.m., 8 views

TYPO3 is susceptible to Cross-Site Flashing

It has been discovered, that TYPO3 is susceptible to Cross-Site Flashing Component Type: TYPO3 CMS Release Date: December 15, 2015 Vulnerable subcomponent: Flvplayer Vulnerability Type: Affected Versions: Versions 6.2.0 to 6.2.15 Severity: Medium Suggested CVSS v2.0:...

6.9 AI score
Exploits 0, Affected Software 1

securityvulns
added 2014/10/14 12:0 a.m., 181 views

SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Cross Site Flashing Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908647 0 Abstract: -------------...

0.2 AI score
Exploits 0

Packet Storm
added 2014/10/10 12:0 a.m., 37 views

SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Cross Site Flashing Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908647 0 Abstract: -------------...

0.3 AI score
Exploits 0

Vulnerability Lab
added 2012/01/13 12:0 a.m., 14 views

HTC HD2 TCOM Win 6.5 modify to HTC HD2 Win7 10 Steps

Document Title: =============== HTC HD2 TCOM Win 6.5 modify to HTC HD2 Win7 10 Steps Release Date: ============= 2012-01-13 Vulnerability Laboratory ID VL-ID: ==================================== 381 Discovery Status: ================= Published Exploitation Technique: =======================...

7.4 AI score
Exploits 0