5116 matches found

OSV
added 2014/08/22 5:55 p.m., 6 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

6.3 AI score
Exploits 0, References 8

NVD
added 2014/08/22 5:55 p.m., 15 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

4.3 CVSS, 6.3 AI score, 0.01774 EPSS
Exploits 1, References 7

Prion
added 2014/08/22 5:55 p.m., 19 views

Code injection

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

4.3 CVSS, 6.8 AI score, 0.01774 EPSS
Exploits 1, References 7, Affected Software 1

CVE
added 2014/08/22 5:0 p.m., 60 views

CVE-2014-5243

CVE-2014-5243 affects MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2; the issue is a failure to enforce an IFRAME protection mechanism for transcluded pages, enabling clickjacking via a crafted site. Connected advisories confirm related fixes and cross-...

4.3 CVSS, 5.9 AI score, 0.01774 EPSS
Exploits 1, References 7, Affected Software 1

Cvelist
added 2014/08/22 5:0 p.m., 25 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

6 AI score, 0.01774 EPSS
Exploits 1, References 7

Debian CVE
added 2014/08/22 5:0 p.m., 32 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

4.3 CVSS, 8.7 AI score, 0.01774 EPSS
Exploits 1

Tenable Nessus
added 2014/08/13 12:0 a.m., 35 views

MediaWiki < 1.19.18 / 1.22.9 / 1.23.2 Multiple Vulnerabilities

According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities : - A flaw exists due to comments not being prepended to the JSONP callbacks. This allows a remote attacker, using a specially crafted SWF file, to perform a cross-si...

6.8 CVSS, 8.4 AI score, 0.02074 EPSS
Exploits 3, References 9

Tenable Nessus
added 2014/07/30 12:0 a.m., 34 views

openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)

MozillaFirefox was updated to version 31 to fix various security issues and bugs : - MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards - MFSA 2014-57/CVE-2014-1549 bmo1020205 Buffer overflow during Web Audio buffering for playback - MFSA 2014-58/CVE-2014-1550 bmo1020411...

10 CVSS, 0.6 AI score, 0.06109 EPSS
Exploits 0, References 14

Tenable Nessus
added 2014/07/24 12:0 a.m., 27 views

FreeBSD : mozilla -- multiple vulnerabilities (978b0f76-122d-11e4-afe3-bc5ff4fb5e7b)

The Mozilla Project reports : MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating...

10 CVSS, 7.6 AI score, 0.06109 EPSS
Exploits 0, References 27

Tenable Nessus
added 2014/07/24 12:0 a.m., 26 views

Mozilla Thunderbird < 31.0 Multiple Vulnerabilities

The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which...

10 CVSS, 8.5 AI score, 0.06109 EPSS
Exploits 0, References 22

Tenable Nessus
added 2014/07/24 12:0 a.m., 39 views

Firefox < 31.0 Multiple Vulnerabilities

The version of Firefox installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...

10 CVSS, 8.4 AI score, 0.06109 EPSS
Exploits 0, References 24

Prion
added 2014/07/23 11:12 a.m., 15 views

Cross site request forgery (csrf)

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

5.8 CVSS, 6.8 AI score, 0.01257 EPSS
Exploits 0, References 8, Affected Software 2

ThreatPost
added 2014/07/23 9:40 a.m., 10 views

Firefox 31 Patches 11 Security Flaws

Mozilla has released a new version of Firefox, which includes patches for 11 security vulnerabilities. Three of the bugs fixed in Firefox 31 are critical, including a use-after-free vulnerability and a handful of memory safety issues. There are actually several separate use-after-free...

0.8 AI score
Exploits 0, References 13

OSV
added 2014/07/22 12:0 a.m., 1 views

UBUNTU-CVE-2014-1552

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

5.8 CVSS, 6.6 AI score, 0.01257 EPSS
Exploits 0, References 5

FreeBSD
added 2014/07/22 12:0 a.m., 37 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating...

10 CVSS, 10 AI score, 0.06109 EPSS
Exploits 0, References 12

Mozilla
added 2014/07/22 12:0 a.m., 34 views

IFRAME sandbox same-origin access through redirect — Mozilla

Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an iframe sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval...

5.8 CVSS, 9 AI score, 0.01257 EPSS
Exploits 0, References 2, Affected Software 2

seebug.org
added 2014/07/01 12:0 a.m., 39 views

PHPmotion <= 2.1 CSRF Vulnerability

No description provided by source. PHPmotion <= 2.1 CSRF vulnerability Author: Ausome1 Website: http://www.enigmagroup.org Description: Change a member's password and/or email...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

pilot cart 7.3 - Multiple Vulnerabilities

No description provided by source. Title: ASPilot Pilot Cart 7.3 multiple vulnerabilities Date: 07.11.2010 Author: Ariko-Security Software Link: http://www.pilotcart.com Version: 7.3 CVE Reference: CVE-2008-2688 only 1 SQL injection EDB-ID: 5765 only 1 SQL injection Ariko-Security: Security Audit...

7.5 CVSS, 6.5 AI score, 0.02007 EPSS
Exploits 6

seebug.org
added 2014/07/01 12:0 a.m., 18 views

phpBB 2.0.21 Privmsg.PHP HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

CKEditor < 4.1 - Persistent XSS WYSIWYG module Drupal 6.x & 7.x

No description provided by source. Exploit Title: Persistent XSS in wysiwyg CKEditor 4.1 Drupal 6.x & 7.x Date: 15/05/2013 Exploit Author: r0ng Vendor Homepage: http://www.websitesecurityscan.net, http://www.hackers2devnull.blogspot.co.uk Software Links: http://ckeditor.com/release/CKEditor-4.0.3...

7.1 AI score
Exploits 0