4413 matches found
CVE-2017-5031
A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
CVE-2017-3525
Vulnerability in the PeopleSoft Enterprise SCM Service Procurement component of Oracle PeopleSoft Products (subcomponent: Usability). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSo...
Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)
An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
The vulnerability of the iOS operating system and the Mac OS X operating system allows attackers to compromise the security of information.
The vulnerability of the HTTPProtocol component in the iOS operating system and the Mac OS X operating system is related to errors in the code. Exploiting this vulnerability allows remote HTTP/2 servers to affect the security of the information being processed...
UBUNTU-CVE-2017-5446
An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
PT-2017-10803 · Go +3 · Net/Http Package +3
Name of the Vulnerable Software and Affected Versions: net/http package (affected versions not specified). Description: The issue arises when the net/http package's Request.ParseMultipartForm method handles large multipart requests, potentially leading to a denial-of-service situation. An attacker c...
Tim Berners-Lee, Inventor of the Web, Wins $1 Million Turing Award 2016
Sir Tim Berners-Lee — the inventor of the World Wide Web — has won this year's A.M. Turing Award, which is frequently described as the "Nobel Prize of Computing," by the Association for Computing Machinery (ACM). The Turing Award is named after Alan Mathison Turing, the British mathematician and comput...
CVE-2016-8273
Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...
CVE-2017-2428
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an...
ALPINE-CVE-2016-10130
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
The vulnerability of the Microsoft Edge browser allows a hacker to bypass existing access restriction policies.
The vulnerability of Microsoft Edge is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to bypass existing policies that restrict access to HTML elements in other browser windows...
chromium-browser: address spoofing in omnibox
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page...
NetGain Enterprise Manager 7.2.562 Command Execution
Exploit Title: NetGain Enterprise Manager "Ping" Command Injection Date: 23.02.2017 Exploit Author: MrChaZ Vendor Homepage: http://www.netgain-systems.com/ Version: = v7.2.562 build 853 Tested on: Windows 10 Pro 64-bit 10,0 Build 14393 Description:...
The vulnerability of Google Chrome browser allows a perpetrator to gain access to local files.
The vulnerability of the Histogram component in Google Chrome browser is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to gain access to local files through a specially crafted HTML page...
The vulnerability of Google Chrome allows a hacker to install a malicious extension.
The vulnerability of Google Chrome’s DevTools URLs component is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to install a malicious extension and gain read access to files through a specially crafted HTML page...
The vulnerability of the Blink component in the Google Chrome browser allows a hacker to inject arbitrary scripts.
The vulnerability of the Blink component in Google Chrome relates to an incorrect definition of relationships between objects. Exploiting this vulnerability allows a malicious actor to inject arbitrary scripts or HTML code through a specially crafted HTML page...
Elefant CMS Cross-Site Request Forgery Vulnerability
Elefant CMS is a content management system. Elefant CMS suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to execute arbitrary HTML and script code within a user's browser session in the context of an affected site...
SAP KERNEL SAP Message Server HTTP Daemon Denial of Service Vulnerability
SAP KERNEL is a set of basic technology platforms written in the C language. A security vulnerability in SAP KERNEL's SAP Message Server HTTP daemon can be exploited by remote attackers to submit a special request that could crash the application...
CVE-2017-5027
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2017-5019
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...