10273 matches found

Prion
added 2015/05/08 12:59 a.m. | 13 views

Design/Logic Flaw

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...

CVSS 4.3 | AI score 6.5 | EPSS 0.00627
Exploits: 0 | References: 6 | Affected Software: 2

CVE
added 2015/05/08 12:0 a.m. | 57 views

CVE-2015-1156

CVE-2015-1156 affects WebKit as used by Apple Safari: the page-loading implementation does not correctly handle the rel attribute in an A element, allowing a crafted site to bypass the Same Origin Policy for a link’s target and spoof the user interface. Affected Safari/WebKit versions include bef...

CVSS 4.3 | AI score 7.7 | EPSS 0.00627
Exploits: 0 | References: 6 | Affected Software: 1

securityvulns
added 2015/05/05 12:0 a.m. | 50 views

[ MDVSA-2015:207 ] perl-Module-Signature

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:207 http://www.mandriva.com/en/support/security/ Package : perl-Module-Signature Date : April 27, 2015 Affected: Business Server 1.0 Problem Description: Updated perl-Module-Signature package fixes the...

AI score 0.5
Exploits: 0

Hacker One
added 2015/05/03 1:16 a.m. | 23 views

HackerOne: Making any Report Failed to load

Hello, I found a way to make any report failed to load using this code with Hex Character: www.%40ebаy.com I was testing for Homographic Issue using Hex Characters and I listed all of hex character and tried to bypass. Then, when I paste the list and comment it in a report I experienced report...

AI score 7.2
Exploits: 0

RedHat Linux
added 2015/04/20 2:27 p.m. | 0 views

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

CVSS 4.3 | AI score 6.7 | EPSS 0.03299
Exploits: 0 | References: 5

RedHat Linux
added 2015/04/20 2:7 p.m. | 2 views

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

CVSS 4.3 | AI score 6.7 | EPSS 0.03299
Exploits: 0 | References: 5

Tenable Nessus
added 2015/04/20 12:0 a.m. | 16 views

Fedora 20 : perl-Module-Signature-0.78-1.fc20 / perl-Test-Signature-1.11-1.fc20 (2015-5840)

This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...

AI score 5.8
Exploits: 0 | References: 6

myhack58
added 2015/04/20 12:0 a.m. | 10 views

Privacy killer: the Flash permissions reflection-vulnerability warning-the black bar safety net

0x00 Preface: I had always thought this risk had long been taken seriously, but I recently found by accident that many sites still have this defect, among them some commonly used email and social networking sites, so it is necessary to explore it again. In fact, this is not what...

AI score 6.6
Exploits: 0

OSV
added 2015/04/18 8:21 a.m. | 6 views

MGASA-2015-0160 Updated perl-Module-Signature packages fix security vulnerabilities

Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...

AI score 7.1
Exploits: 0 | References: 3

RedHat Linux
added 2015/04/17 10:28 a.m. | 3 views

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

CVSS 4.3 | AI score 6.7 | EPSS 0.03299
Exploits: 0 | References: 5

Tenable Nessus
added 2015/04/16 12:0 a.m. | 51 views

RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0808)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0808 advisory. - jar: directory traversal vulnerability CVE-2005-1080 - OpenJDK: incorrect handling of phantom references Hotspot, 8071931...

CVSS 10 | AI score 5.7 | EPSS 0.09204
Exploits: 1 | References: 16

RedHat Linux
added 2015/04/15 4:54 p.m. | 2 views

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

CVSS 4.3 | AI score 6.7 | EPSS 0.03299
Exploits: 0 | References: 5

RedHat Linux
added 2015/04/15 4:44 p.m. | 0 views

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

CVSS 4.3 | AI score 6.7 | EPSS 0.03299
Exploits: 0 | References: 5

RedHat Linux
added 2015/04/15 3:15 p.m. | 3 views

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

CVSS 4.3 | AI score 6.7 | EPSS 0.03299
Exploits: 0 | References: 5

RedHat Linux
added 2015/04/14 8:18 p.m. | 1 views

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

CVSS 4.3 | AI score 6.7 | EPSS 0.03299
Exploits: 0 | References: 5

myhack58
added 2015/04/07 12:0 a.m. | 13 views

CVE-2011-2461 principles of analysis and case studies-vulnerability and early warning-the black bar safety net

0x00 Vulnerability background: From the CVE number it can be seen that this vulnerability has been around for some years [1]. Because this vulnerability occurs in the Flex SDK rather than in the Flash Player, for developers, as long as they used a defective Flex SDK to compile Flash, then ...

AI score 0.4
Exploits: 0

FreeBSD
added 2015/04/03 12:0 a.m. | 33 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode...

AI score 9.2
Exploits: 0 | References: 3

Tenable Nessus
added 2015/04/03 12:0 a.m. | 34 views

Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2552-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2552-1 advisory. Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially craft...

CVSS 7.5 | AI score 8.5 | EPSS 0.8537
Exploits: 3 | References: 6

Tenable Nessus
added 2015/04/02 12:0 a.m. | 37 views

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2550-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2550-1 advisory. Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially craft...

CVSS 7.5 | AI score 8.6 | EPSS 0.8537
Exploits: 4 | References: 15

Tenable Nessus
added 2015/04/02 12:0 a.m. | 25 views

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2015-0813, CVE-2015-0815, CVE-2015-0801 A flaw was found in the wa...

CVSS 7.5 | AI score 8.7 | EPSS 0.8537
Exploits: 3 | References: 6