Mozilla: Alert dialog could have been spoofed on another site
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain...
[SECURITY] Fedora 37 Update: youtube-dl-2023.07.30.git2efc8de-1.20230815git2efc8de.fc37
Small command-line program to download videos from YouTube and other sites...
UBUNTU-CVE-2021-3660
Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...
Apple iOS WebKit Security Bypass Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS WebKit that allows remote attackers to exploit a vulnerability to trigger tap events to submit synthetic clicks on other different WEB pages...
Sybase EAServer XXE Injection
Hello! I'll give you additional information concerning advisory SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer http://securityvulns.ru/docs29622.html. It's about XXE Injection in Sybase EAServer. Among vulnerabilities in EAServer there is XXE Injection and it was only...
CakePHP / Squiz CMS XXE Injection
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...
CVE-2005-3649
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter...
PT-1995-1006 · Satan · Satan
Name of the Vulnerable Software and Affected Versions: SATAN affected versions not specified Description: The issue allows the SATAN session key to be disclosed when the user navigates to other sites using their web browser, potentially enabling root access. Recommendations: At the moment, there ...