371 matches found
KB4489883: Windows 8.1 and Windows Server 2012 R2 March 2019 Security Update
The remote Windows host is missing security update 4489883 or cumulative update 4489881. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully...
KB4489885: Windows 7 and Windows Server 2008 R2 March 2019 Security Update
The remote Windows host is missing security update 4489885 or cumulative update 4489878. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting fores...
CVE-2018-12402
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...
chromium-browser: Insufficient policy enforcement in Navigation
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...
CVE-2018-12370
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox 61...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...
Mail.ru: DNS Misconfiguration
Your localhost.mail.ru has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded I can also ping the localhost network from mail.ru, as in the image...
CVE-2016-6798
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
U.S. Dept Of Defense: DNS Misconfiguration
Multiple reporters identified a DNS configuration issue in the defense.gov domain that could allow same-site scripting. Thanks to @myst404 for first reporting this, and to @atik-rahman and others for also reporting it...
Respondly: DNS Misconfiguration
Hey !! Daksh Here !! This time i would like to report DNS Misconfiguration in your site . I have noticed your http://localhost.respond.ly/ has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy:...
IRCCloud: DNS Misconfiguration
Your localhost.irccloud.com has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded...