6885 matches found
CentOS 8 : firefox (CESA-2019:2663)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:2663 advisory. - firefox: stored passwords in 'Saved Logins' can be copied without master password entry CVE-2019-11733 - Mozilla: Memory safety bugs fixed in Firefox...
CentOS 8 : thunderbird (CESA-2019:1799)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:1799 advisory. - Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 - Mozilla: Script injection within domain through inner window...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This happens because no HTML escaping is being performed when processing quotes. This applies even when the :escapehtml option was being used in combination with :quote. Details: Cross-site scripting or XSS is a...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The transfer state is serialised with the JSON.stringify function and then written into the HTML page. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a...
Information Disclosure
Adobe Flash Player is vulnerable to information disclosure. An attacker can make use of a Same Origin Policy Bypass vulnerability to access critical information...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. The vulnerability exists through insufficient policy enforcement in networking that allows a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
Same-Origin Policy Bypass
chromium is vulnerable to same-origin policy bypass. Insufficient policy enforcement in extensions allows an attacker, who has convinced a user to install a malicious extension, to bypass same-origin policy via a malicious Chrome Extension...
Same-Origin Policy Bypass
chromium is vulnerable to same origin policy bypass. Failure to dismiss http auth dialogs on navigation in Network Authentication allows a remote attacker to confuse the user about the origin of an auth dialog via a malicious HTML page...
Insecure Same Origin Policy
chromium does not properly perform same origin policy checks. A renderer initiated back navigation incorrectly cancels a browser initiated back navigation and allows a remote attacker to confuse the user's browser on the origin of the current page via a malicious HTML page...
Same-Origin Policy Bypass
chromium is vulnerable to same-origin policy bypass. A remote attacker with access to the renderer process is able to bypass the same origin policy via a malicious HTML page...
EgavilanMedia User Registration And Login System With Admin Panel 1.0 CSRF
Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...
Microsoft Edge (Chromium) < 87.0.664.41 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.41. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-19-2020 advisory. - Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass...
CVE-2019-8075
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...
About the security content of Safari 13.1.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
CVE-2020-15992
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
CVE-2020-15992
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
DEBIAN-CVE-2020-15992
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...
CVE-2020-15973
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...
DEBIAN-CVE-2020-15973
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...