9 matches found

RedHat Linux
added 2024/02/22 4:51 p.m. · 3 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5 · AI score 7.3 · EPSS 0.00673
Exploits: 0 · References: 6
Microsoft CVE
added 2023/12/11 8:00 a.m. · 1 views

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain.

...

CVSS 6.5 · AI score 6.7 · EPSS 0.01685
Exploits: 1
Fedora
added 2023/08/25 12:43 a.m. · 37 views

[SECURITY] Fedora 37 Update: youtube-dl-2023.07.30.git2efc8de-1.20230815git2efc8de.fc37

Small command-line program to download videos from YouTube and other sites...

CVSS 8.2 · AI score 7 · EPSS 0.00902
Exploits: 0
OSV
added 2022/03/10 5:42 p.m. · 1 views

UBUNTU-CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

CVSS 4.3 · AI score 7.2 · EPSS 0.01212
Exploits: 0 · References: 3
CNVD
added 2015/08/19 12:00 a.m. · 3 views

Apple iOS WebKit Security Bypass Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS WebKit that allows remote attackers to exploit a vulnerability to trigger tap events to submit synthetic clicks on other different WEB pages...

CVSS 5 · AI score 6.6 · EPSS 0.01578
Exploits: 0 · References: 1
Packet Storm
added 2013/08/11 12:00 a.m. · 24 views

Sybase EAServer XXE Injection

Hello! I'll give you additional information concerning advisory SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer http://securityvulns.ru/docs29622.html. It's about XXE Injection in Sybase EAServer. Among vulnerabilities in EAServer there is XXE Injection and it was only...

AI score 7.4
Exploits: 0
Packet Storm
added 2012/08/12 12:00 a.m. · 47 views

CakePHP / Squiz CMS XXE Injection

Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...

AI score 0.3
Exploits: 0
UbuntuCve
added 2005/11/17 11:02 a.m. · 29 views

CVE-2005-3649

jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter...

CVSS 2.6 · AI score 6 · EPSS 0.0306
Exploits: 1 · References: 1
Positive Technologies
added 1995/04/03 12:00 a.m. · 5 views

PT-1995-1006 · Satan · Satan

Name of the Vulnerable Software and Affected Versions: SATAN affected versions not specified Description: The issue allows the SATAN session key to be disclosed when the user navigates to other sites using their web browser, potentially enabling root access. Recommendations: At the moment, there ...

CVSS 7.6 · AI score 6.2 · EPSS 0.0138
Exploits: 0 · References: 2