
7691 matches found

Prion
added 2018/06/11 9:29 p.m., 20 views

Code injection

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

CVSS 4.3, AI score 6.5, EPSS 0.01521
Exploits: 1, References: 5, Affected Software: 1
Prion
added 2018/06/11 9:29 p.m., 21 views

Design/Logic Flaw

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...

CVSS 5, AI score 5.9, EPSS 0.01905
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2018/06/11 9:00 p.m., 30 views

CVE-2017-5384

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

AI score 6.6, EPSS 0.01521
Exploits: 1, References: 5
CVE
added 2018/06/11 9:00 p.m., 133 views

CVE-2017-5384

CVE-2017-5384 : Information disclosure via Proxy Auto-Config (PAC) in Firefox

CVSS 5.9, AI score 6.5, EPSS 0.01521
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2018/06/11 9:00 p.m., 135 views

CVE-2018-5113

The issue CVE-2018-5113 affects Firefox

CVSS 7.5, AI score 7.6, EPSS 0.02074
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2018/06/11 9:00 p.m., 20 views

CVE-2017-7759

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected...

AI score 7.6, EPSS 0.00675
Exploits: 1, References: 4
CVE
added 2018/06/11 9:00 p.m., 128 views

CVE-2016-9071

CVE-2016-9071 describes a vulnerability in Mozilla Firefox prior to 50 where Content Security Policy combined with HTTP-to-HTTPS redirection could allow a malicious server to determine if a site is present in a user’s browsing history. Impact: history verification via CSP/HSTS/redirect. Affected ...

CVSS 5.3, AI score 6.1, EPSS 0.01905
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2018/06/11 9:00 p.m., 25 views

CVE-2016-9071

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...

AI score 6.3, EPSS 0.01905
Exploits: 0, References: 4
CVE
added 2018/06/11 9:00 p.m., 115 views

CVE-2017-7835

CVE-2017-7835 affects Mozilla Firefox < 57.0. The issue is that mixed content blocking for insecure (HTTP) sub-resources in HTTPS pages failed for resources that redirect from HTTPS to HTTP, allowing blocked content such as scripts to load. The connected Nessus/Ubuntu advisories corroborate th...

CVSS 7.5, AI score 7.3, EPSS 0.01522
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2018/06/11 9:00 p.m., 23 views

CVE-2017-7835

Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...

AI score 7.5, EPSS 0.01522
Exploits: 0, References: 4
Debian CVE
added 2018/06/11 9:00 p.m., 21 views

CVE-2017-7759

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected...

CVSS 7.5, AI score 7, EPSS 0.00675
Exploits: 1
Debian CVE
added 2018/06/11 9:00 p.m., 16 views

CVE-2018-5113

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox 58...

CVSS 7.5, AI score 8.7, EPSS 0.02074
Exploits: 0
Debian CVE
added 2018/06/11 9:00 p.m., 19 views

CVE-2017-5384

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

CVSS 5.9, AI score 7.8, EPSS 0.01521
Exploits: 1
Debian CVE
added 2018/06/11 9:00 p.m., 21 views

CVE-2017-7835

Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...

CVSS 7.5, AI score 8.6, EPSS 0.01522
Exploits: 0
Metasploit
added 2018/06/11 8:19 a.m., 50 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1516524 include...

AI score 7.3
Exploits: 0
Metasploit
added 2018/06/11 8:19 a.m., 45 views

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1061912 include...

AI score 7.3
Exploits: 0
OSV
added 2018/06/07 2:29 a.m., 16 views

CVE-2018-3739

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...

CVSS 9.1, AI score 9.3
Exploits: 0, References: 1
Prion
added 2018/06/07 2:29 a.m., 13 views

Design/Logic Flaw

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...

CVSS 6.4, AI score 9, EPSS 0.02012
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2018/06/07 2:00 a.m., 63 views

CVE-2018-3739

CVE-2018-3739 affects the Node.js https-proxy-agent module. The root cause is passing the auth option to the Buffer constructor without proper sanitization, enabling a remote attacker to cause denial of service and memory leak through crafted input in the auth parameter (e.g., JSON). Reported in ...

CVSS 9.1, AI score 8.9, EPSS 0.02012
Exploits: 1, References: 1, Affected Software: 1
OpenVAS
added 2018/06/06 12:00 a.m., 19 views

RSA Web Threat Detection (WTD) Detection

RSA Web Threat Detection (WTD). The script sends a connection request to the server and attempts to detect RSA Web Threat Detection (WTD) and to extract its version. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by t...

AI score 7
Exploits: 0, References: 1