5116 matches found
CVE-2014-1586
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME...
Firefox < 33.0 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is a version prior to 33.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...
Firefox ESR 31.x < 31.2 Multiple Vulnerabilities
The version of Firefox ESR 31.x installed on the remote Windows host is prior to 31.2. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary cod...
CVE-2014-1586
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME...
UBUNTU-CVE-2014-1586
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME...
UBUNTU-CVE-2014-1585
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive informati...
Inconsistent video sharing within iframe — Mozilla
Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an , video will continue to be shared even if the user selects the Stop Sharing" button in the controls. The...
Bookfresh: Reflected XSS on www.bookfresh.com/index.html?view=upload_form
The issue is in the view uploadform. Description When you show an upload form in the site you use an URL like this: https://www.bookfresh.com/index.html?standalone=1&e=0c551a759eb62ba457d017569617eaa8&bk=FFFFFF&view=uploadform And you show the value of the parameter bk in the page: body...
UBUNTU-CVE-2014-3201
core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar...
CVE-2014-3201
core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar...
FineCMS 最新版存储型xss跨后台getshell和多处xss合集
简要描述: FineCMS 最新版xss跨后台getshell和多处xss合集,我知道这个厂商习惯性忽略,但是这只是一个开始,一个开始,开始........................... 详细说明: 首先我们演示一下第一个xss,通过这个xss,反弹后台getshell: 第一步,我们注册一个用户,如果管理员审核通过,也就是说这个用户是个普通的正常用户 我们去图片发表处: 下来我们看看本页也能弹出来: 下来我们去后台看看 是否能够弹出来: ok 到这里我们已经看到了这个xss,肯定会引起管理员的审核: 下来我们更换xss的payload: 我们用iframe标签: 加载远端js...
Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking
Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows 7 Version : 3.3.3 Description: Get Simple CMS v 3.3.3 is susceptible to multiple vulnerabilities such as CSRF, Click-jacking, DOM base...
Code injection
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via 1 an http web site, 2 an https web site with an unacceptable X.509 certificate, or 3 an IFRAME element...
CVE-2014-4363
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via 1 an http web site, 2 an https web site with an unacceptable X.509 certificate, or 3 an IFRAME element...
Airties Air6372SO Modem Web Interface Cross Site Scripting
Airties Air6372SO Modem Web Interface XSS/Iframe Injection Vulnerability My + Author : KnocKout Contact : [email protected] HomePage : http://cyber-warrior.Org - http://h4x0resec.blogspot.com Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x, Unuttuklarýmýz affola...
Mozilla Firefox Secret Leak
body background-color: d0d0d0; img border: 1px solid teal; margin: 1ex; canvas border: 1px solid crimson; margin: 1ex; Variants: var c = document.getElementById'cvs'; var ctx = c.getContext'2d'; var loaded = 0; var imageobj = ; var USEIMAGES = 300; function checkresults var uniques = ;...
CVE-2014-3352
CVE-2014-3352 affects Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) 2008.3_SP9 and earlier. The root cause is improper handling of certain NULL sessions, leading to an information disclosure via crafted packets (the so-called iFrame vulnerability, Bug CSCuh84801). An unauthenticated...
CVE-2014-3352
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
Design/Logic Flaw
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
DEBIAN-CVE-2014-5243
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...