Lucene search
+L

370 matches found

Tenable Nessus
Tenable Nessus
added 2015/01/15 12:0 a.m.26 views

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20150113)

Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2014-8634, CVE-2014-8639 It was found that the Beacon interface...

7.5CVSS8AI score0.03861EPSS
Exploits0References4
Cent OS
Cent OS
added 2015/01/14 4:8 p.m.65 views

firefox, xulrunner security update

CentOS Errata and Security Advisory CESA-2015:0046 Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring...

7.5CVSS7.2AI score0.04158EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/01/14 12:0 a.m.32 views

Mozilla Thunderbird < 31.4 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird installed on the remote Mac OS X host is prior to 31.4. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory safety issues exist within the browser engine. CVE-2014-8634, CVE-2014-8635 - A flaw exists in 'navigator.sendBeacon' in...

7.5CVSS7.7AI score0.04109EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/01/14 12:0 a.m.38 views

Firefox ESR 31.x < 31.4 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.4. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory safety issues exist within the browser engine. CVE-2014-8634, CVE-2014-8635 - A flaw exists in 'navigator.sendBeacon'...

7.5CVSS7.1AI score0.04158EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2015/01/13 11:18 p.m.52 views

Critical: Red Hat Security Advisory: firefox security and bug fix update

Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

7.5CVSS7.2AI score0.04158EPSS
Exploits0References8
Hacker One
Hacker One
added 2014/05/27 7:48 a.m.22 views

Factlink: HTML5 cross-origin resource sharing

Issue: HTML5 cross-origin resource sharing Host: https://staging.factlink.com Path: /about Issue detail The application implements an HTML5 cross-origin resource sharing CORS policy for this request which allows access from any domain. Allowing access from all domains means that any domain can...

0.2AI score
Exploits0
myhack58
myhack58
added 2013/11/22 12:0 a.m.55 views

Use the csrf vulnerability to upload files-the vulnerability warning-the black bar safety net

Everyone knows that the commonly used csrf to upload a file is not very simple. The problem is that we create a fake form submission data with browser file upload to submit the data a little different. That is the upload request will have a filename parameter: -----------------------------2 5 6 6...

7.2AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.29 views

cors_origin

Inspect if application check that the value of the "Origin" HTTP header is consistent with the value of the remote IP address/Host of the sender of the incoming HTTP request. Configurable parameters are: originheadervalue Note : This plugin is useful to test "Cross Origin Resource Sharing CORS"...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/01/30 12:0 a.m.31 views

Opera < 12.13 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 12.13 and is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to DOM manipulation that could lead to application crashes or arbitrary code execution. 1042 - A use-after-free error exists...

9.3CVSS5.8AI score0.08036EPSS
Exploits0References11
NVD
NVD
added 2013/01/02 11:46 a.m.19 views

CVE-2012-6462

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing CORS specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request...

5CVSS6.4AI score0.01784EPSS
Exploits0References2
Prion
Prion
added 2013/01/02 11:46 a.m.14 views

Cross site scripting

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing CORS specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request...

5CVSS7AI score0.01784EPSS
Exploits0References2Affected Software1
FreeBSD
FreeBSD
added 2012/11/06 12:0 a.m.17 views

opera -- multiple vulnerabilities

Opera reports: CORS Cross-Origin Resource Sharing allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target...

2.2AI score
Exploits0References3
Opera Security Advisories
Opera Security Advisories
added 2012/11/02 12:0 a.m.479 views

CORS requests can incorrectly retrieve contents of cross origin pages

CORS Cross-Origin Resource Sharing allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the...

2AI score
Exploits0Affected Software1
Nmap
Nmap
added 2011/10/04 6:22 a.m.138 views

http-cors NSE Script

Tests an http server for Cross-Origin Resource Sharing CORS, a way for domains to explicitly opt in to having certain methods invoked by another domain. The script works by setting the Access-Control-Request-Method header field for certain enumerated methods in OPTIONS requests, and checking the...

10CVSS0.3AI score0.99448EPSS
Exploits33
OpenVAS
OpenVAS
added 2009/11/17 12:0 a.m.31 views

Fedora Core 10 FEDORA-2009-11488 (qt)

The remote host is missing an update to qt announced via advisory FEDORA-2009-11488. OpenVAS Vulnerability Test $Id: fcore200911488.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-11488 qt Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...

9.3CVSS1AI score0.06192EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2009/11/17 12:0 a.m.49 views

Fedora Core 11 FEDORA-2009-11491 (qt)

The remote host is missing an update to qt announced via advisory FEDORA-2009-11491. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

9.3CVSS6.8AI score0.06192EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2009/11/17 12:0 a.m.35 views

Fedora Core 12 FEDORA-2009-11487 (qt)

The remote host is missing an update to qt announced via advisory FEDORA-2009-11487. OpenVAS Vulnerability Test $Id: fcore200911487.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-11487 qt Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...

9.3CVSS1AI score0.03478EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2009/11/16 12:0 a.m.34 views

Fedora 12 : qt-4.5.3-9.fc12 (2009-11487)

A security flaw was found in the WebKit's Cross-Origin Resource Sharing CORS implementation. Multiple security flaws integer underflow, invalid pointer dereference, buffer underflow and a denial of service were found in the way WebKit's FTP parser used to process remote FTP directory listings. No...

9.3CVSS8.3AI score0.03478EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2009/11/16 12:0 a.m.32 views

Fedora 10 : qt-4.5.3-9.fc10 (2009-11488)

A security flaw was found in the WebKit's Cross-Origin Resource Sharing CORS implementation. Multiple security flaws integer underflow, invalid pointer dereference, buffer underflow and a denial of service were found in the way WebKit's FTP parser used to process remote FTP directory listings. No...

9.3CVSS8.3AI score0.03478EPSS
Exploits3References5
Prion
Prion
added 2009/11/13 3:30 p.m.27 views

Cross site request forgery (csrf)

The implementation of Cross-Origin Resource Sharing CORS in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to...

6.8CVSS6.4AI score0.01553EPSS
Exploits2References22Affected Software5
Rows per page
Query Builder