Lucene search
K

93 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

Safari allows access from HTTP to HTTPS

Overview Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session. Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TL...

6.8CVSS6.5AI score0.02569EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2008/03/04 11:44 p.m.21 views

CVE-2008-1149

phpMyAdmin before 2.11.5 accesses $REQUEST to obtain some parameters instead of $GET and $POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery CSRF attacks by using crafted cookies...

5.1CVSS5.9AI score0.00912EPSS
Exploits0References1
OSV
OSV
added 2008/03/04 11:44 p.m.1 views

DEBIAN-CVE-2008-1149

phpMyAdmin before 2.11.5 accesses $REQUEST to obtain some parameters instead of $GET and $POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery CSRF attacks by using crafted cookies...

5.1CVSS7.9AI score0.00912EPSS
Exploits0References1
securityvulns
securityvulns
added 2007/07/10 12:0 a.m.195 views

Firefox wyciwyg:// cache zone bypass

There is an interesting vulnerability in how Mozilla Firefox handles internal wyciwyg:// pseudo-URIs. These cache-related resource identifiers are meant to be inaccessible by the user - but there are at least three routes to bypass these restrictionss, one of which - HTTP 302 redirect - also...

6.8AI score
Exploits0
UbuntuCve
UbuntuCve
added 2007/02/23 2:28 a.m.41 views

CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...

6.8CVSS6AI score0.01467EPSS
Exploits0References1
NVD
NVD
added 2007/02/23 2:28 a.m.27 views

CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...

6.8CVSS6.5AI score0.01467EPSS
Exploits0References12
OSV
OSV
added 2007/02/23 2:28 a.m.8 views

CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...

6.4AI score
Exploits0References12
OSV
OSV
added 2007/02/23 2:28 a.m.2 views

DEBIAN-CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...

6.8CVSS6.6AI score0.01467EPSS
Exploits0References1
Cvelist
Cvelist
added 2007/02/23 12:0 a.m.30 views

CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...

6.5AI score0.01467EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2007/02/23 12:0 a.m.32 views

CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...

6.8CVSS6.4AI score0.01467EPSS
Exploits0
NVD
NVD
added 2003/04/22 4:0 a.m.28 views

CVE-2002-1467

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via 1 an HTTP redirect, 2 a "file://" base in a web document, or 3 a relative URL from a web archive mht file...

5CVSS6.7AI score0.01907EPSS
Exploits1References4
Cvelist
Cvelist
added 2003/03/18 5:0 a.m.32 views

CVE-2002-1467

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via 1 an HTTP redirect, 2 a "file://" base in a web document, or 3 a relative URL from a web archive mht file...

6.6AI score0.01907EPSS
Exploits1References4
CVE
CVE
added 2003/03/18 5:0 a.m.57 views

CVE-2002-1467

CVE-2002-1467 affects the Macromedia Flash Plugin prior to 6.0.47.0, allowing remote attackers to bypass the same-domain restriction and read arbitrary files via (1) HTTP redirects, (2) a file:// base in a web document, or (3) a relative URL from a web archive (mht). The primary sources in the pr...

5CVSS6.7AI score0.01907EPSS
Exploits1References4Affected Software2
Rows per page
Query Builder