Lucene search
K

248 matches found

ATTACKERKB
ATTACKERKB
added 2017/12/27 5:8 p.m.3 views

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

6.1CVSS6AI score0.00942EPSS
Exploits2References2
Prion
Prion
added 2017/12/27 5:8 p.m.19 views

Design/Logic Flaw

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

4.3CVSS6.3AI score0.00942EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2017/12/25 12:0 a.m.61 views

Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS

From: https://poctestblog.blogspot.co.uk/2017/12/samsung-internet-browser-sop-bypassuxss.html Samsung Internet Browser SOP Bypass/UXSS There is a Same Origin Policy bypass / Universal Cross Site Scripting issue in Samsung Internet Browser tested on latest version - 6.2.01.12. First of all, using...

6.4AI score0.00942EPSS
Exploits2
Cvelist
Cvelist
added 2017/12/24 7:0 a.m.27 views

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

6.4AI score0.00942EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2017/11/13 9:33 p.m.3 views

Exploit for Cross-site Scripting in Google Chrome

CVE-2017-5124 UX...

6.1CVSS7AI score0.05245EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2017/11/07 12:0 a.m.33 views

Debian DSA-4020-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an annoucment that security support for chromium in the oldstable release jessie, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongl...

8.8CVSS6.5AI score0.05245EPSS
Exploits6References42
OpenVAS
OpenVAS
added 2017/11/04 12:0 a.m.34 views

Debian: Security Advisory (DSA-4020-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.3AI score0.05245EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2017/10/30 12:0 a.m.37 views

openSUSE Security Update : chromium (openSUSE-2017-1221)

This update to Chromium 62.0.3202.75 fixes the following security issues : - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after...

8.8CVSS6.6AI score0.05245EPSS
Exploits6References23
OPENSUSE Linux
OPENSUSE Linux
added 2017/10/29 12:9 a.m.422 views

Security update for chromium (important)

This update to Chromium 62.0.3202.75 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after...

8.2AI score0.05245EPSS
Exploits6References2
RedHat Linux
RedHat Linux
added 2017/10/20 8:39 a.m.10 views

chromium-browser: uxss with mhtml

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

6.1CVSS7.5AI score0.05245EPSS
Exploits5References5
exploitpack
exploitpack
added 2017/10/03 12:0 a.m.30 views

Webkit (Chome 61) - MHTML Universal Cross-site Scripting

Webkit Chome 61 - MHTML Universal Cross-site Scripting MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location:...

4.3CVSS7.3AI score0.05245EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/10/03 12:0 a.m.46 views

Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting

MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location: https://google.com alert'Location origin:...

6.1CVSS7.5AI score0.05245EPSS
Exploits5
Prion
Prion
added 2017/07/12 1:29 p.m.17 views

Code injection

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...

4.3CVSS6.3AI score0.0338EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/07/12 1:0 p.m.96 views

CVE-2017-7678

CVE-2017-7678 affects Apache Spark up to version 2.2.0, where the web UI may reflect user-supplied data (including MHTML) back to the user. The root cause is improper validation of input by the Spark web UI, allowing an attacker to lure a user into a link pointing to a shared Spark cluster and tr...

6.1CVSS6.2AI score0.0338EPSS
Exploits0References2Affected Software1
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.39 views

MS11-037: Vulnerability in MHTML could allow information disclosure: June 14, 2011

MS11-037: Vulnerability in MHTML could allow information disclosure: June 14, 2011 INTRODUCTION Microsoft has released security bulletin MS11-037. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

6.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.7 views

The vulnerability of Google Chrome browser allows a malicious individual to inject any web script or HTML code they desire.

The Google Chrome browser contains a vulnerability related to cross-site scripting XSS in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp of Blink. Exploiting this vulnerability allows malicious actors to inject any web script or HTML code, using specially crafte...

4.3CVSS7.4AI score0.01832EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/04/14 12:0 a.m.6 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of the PageCaptureSaveAsMHTMLFunction::ReturnFailure function browser/extensions/api/pagecapture/pagecaptureapi.cc in the Google Chrome browser is related to code errors. Exploiting this vulnerability may allow an attacker to cause service failures or potentially other effects d...

9.3CVSS7.6AI score0.01199EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2016/03/30 7:54 a.m.6 views

chromium-browser: various fixes from internal audits

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

9.3CVSS7.5AI score0.01199EPSS
Exploits0References5
CNVD
CNVD
added 2016/03/30 12:0 a.m.4 views

Google Chrome PageCaptureSaveAsMHTMLFunction::ReturnFailure Denial of Service Vulnerability

Google Chrome is a web browsing tool developed by Google. Google Chrome versions prior to 49.0.2623.108, browser/extensions/api/pagecapture/pagecaptureapi.cc/PageCaptureSaveAsMHTMLFunction:. A denial of service vulnerability exists in the ReturnFailure implementation, which can be exploited by...

9.3CVSS8.9AI score0.01199EPSS
Exploits0References1
OSV
OSV
added 2016/03/29 10:59 a.m.2 views

CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

8.8CVSS7.4AI score0.01199EPSS
Exploits0References11
Rows per page
Query Builder