5124 matches found
Code injection
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element...
CVE-2014-4363
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element...
Airties Air6372SO Modem Web Interface Cross Site Scripting
Airties Air6372SO Modem Web Interface XSS/Iframe Injection Vulnerability My + Author : KnocKout Contact : [email protected] HomePage : http://cyber-warrior.Org - http://h4x0resec.blogspot.com Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x, forgive us for anyone we forgot...
Mozilla Firefox Secret Leak
body background-color: d0d0d0; img border: 1px solid teal; margin: 1ex; canvas border: 1px solid crimson; margin: 1ex; Variants: var c = document.getElementById'cvs'; var ctx = c.getContext'2d'; var loaded = 0; var imageobj = ; var USEIMAGES = 300; function checkresults var uniques = ;...
CVE-2014-3352
CVE-2014-3352 affects Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) 2008.3_SP9 and earlier. The root cause is improper handling of certain NULL sessions, leading to an information disclosure via crafted packets (the so-called iFrame vulnerability, Bug CSCuh84801). An unauthenticated...
CVE-2014-3352
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
Design/Logic Flaw
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
CVE-2014-5243
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
DEBIAN-CVE-2014-5243
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2014-5243
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
Code injection
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2014-5243
CVE-2014-5243 affects MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2; the issue is a failure to enforce an IFRAME protection mechanism for transcluded pages, enabling clickjacking via a crafted site. Connected advisories confirm related fixes and cross-...
CVE-2014-5243
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2014-5243
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
MediaWiki < 1.19.18 / 1.22.9 / 1.23.2 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities : - A flaw exists due to comments not being prepended to the JSONP callbacks. This allows a remote attacker, using a specially crafted SWF file, to perform a cross-si...
openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
MozillaFirefox was updated to version 31 to fix various security issues and bugs : - MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards - MFSA 2014-57/CVE-2014-1549 bmo1020205 Buffer overflow during Web Audio buffering for playback - MFSA 2014-58/CVE-2014-1550 bmo1020411...
Firefox < 31.0 Multiple Vulnerabilities
The version of Firefox installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...
Mozilla Thunderbird < 31.0 Multiple Vulnerabilities
The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which...
FreeBSD : mozilla -- multiple vulnerabilities (978b0f76-122d-11e4-afe3-bc5ff4fb5e7b)
The Mozilla Project reports : MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating...
Cross site request forgery (csrf)
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...