
6939 matches found

Cvelist
added 2015/03/13 5:0 p.m. | 20 views

CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

AI score: 9.4 | EPSS: 0.0442
Exploits: 0 | References: 8

VulnCheck KEV
added 2015/03/10 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2015-0072

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.71698
Exploits: 5 | References: 1

Hacker One
added 2015/02/28 6:36 p.m. | 21 views

Vimeo: URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io

Hi, Brief This is an urgent issue and I hope you will act on it likewise. Your subdomain status.vimeo.com is pointing to hosted.statuspage.io, but no statuspage was connected to it. This means that anyone can claim the subdomain by setting up a statuspage.io site and using "status.vimeo.com" as t...

AI score: 0.2
Exploits: 0

Hacker One
added 2015/02/12 12:35 a.m. | 48 views

Mail.ru: Same Origin Policy bypass

Hi, After small investigation I've probably found something that can be exploited to bypass Same Origin Policy on mail.ru services specially your main domain and e.mail.ru. First of all - let's take a look about your crossdomain.xml both for mail.ru and e.mail.ru: After time spent on searching...

AI score: 7.1
Exploits: 0

Mageia
added 2015/02/11 8:47 p.m. | 52 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 allows remote attacke...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.02854
Exploits: 0 | References: 4

OSV
added 2015/02/11 8:47 p.m. | 10 views

MGASA-2015-0062 Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 allows remote attacke...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.02854
Exploits: 0 | References: 5

Tenable Nessus
added 2015/02/11 12:0 a.m. | 53 views

Google Chrome < 40.0.2214.91 Multiple Vulnerabilities

Binary data 8889.pasl...

CVSS: 7.5 | AI score: 8 | EPSS: 0.02217
Exploits: 0 | References: 2

CNVD
added 2015/02/11 12:0 a.m. | 3 views

Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability

Cisco Prime Infrastructure is an all-in-one package that provides complete infrastructure wired and wireless and mobile lifecycle management provisioning, monitoring, troubleshooting, fixing, and reporting. A cross-framework scripting vulnerability exists in Cisco Prime Infrastructure that could...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.01476
Exploits: 0 | References: 1

Tenable Nessus
added 2015/02/11 12:0 a.m. | 33 views

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2495-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2495-1 advisory. A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker cou...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.02854
Exploits: 0 | References: 5

securityvulns
added 2015/02/11 12:0 a.m. | 58 views

Major Internet Explorer Vulnerability - NOT Patched

Deusen just published code and description here: http://www.deusen.co.uk/items/insider3show.3362009741042107/ which demonstrates the serious security issue. Summary An Internet Explorer vulnerability is shown here: Content of dailymail.co.uk can be changed by external domain. How To Use 1. Close...

Exploits: 0

RedHat Linux
added 2015/02/10 9:33 p.m. | 3 views

chromium-browser: cross-origin-bypass in V8 bindings

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01985
Exploits: 0 | References: 5

Ubuntu
added 2015/02/10 5:56 p.m. | 73 views

USN-2495-1: Oxide vulnerabilities

A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed rende...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.02854
Exploits: 0

NVD
added 2015/02/07 7:59 p.m. | 27 views

CVE-2015-0072

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.71698
Exploits: 5 | References: 12

Prion
added 2015/02/07 7:59 p.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.71698
Exploits: 5 | References: 12 | Affected Software: 1

Cvelist
added 2015/02/07 6:0 p.m. | 30 views

CVE-2015-0072

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

AI score: 5.1 | EPSS: 0.71698
Exploits: 5 | References: 12

CVE
added 2015/02/07 6:0 p.m. | 87 views

CVE-2015-0072

CVE-2015-0072 describes a Universal XSS (UXSS) in Internet Explorer 9–11, allowing remote injection of script by abusing IFRAME-based redirects and WindowProxy eval to bypass Same Origin Policy. The vulnerability affects Microsoft Internet Explorer versions 6–11 and can lead to arbitrary code exe...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.71698
Exploits: 5 | References: 12 | Affected Software: 1

NVD
added 2015/02/06 11:59 a.m. | 22 views

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

CVSS: 5 | AI score: 6.1 | EPSS: 0.01985
Exploits: 0 | References: 15

Prion
added 2015/02/06 11:59 a.m. | 26 views

Design/Logic Flaw

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01985
Exploits: 0 | References: 15 | Affected Software: 8

CVE
added 2015/02/06 11:0 a.m. | 79 views

CVE-2015-1210

CVE-2015-1210 is a cross-origin bypass vulnerability in the Chrome/Blink V8 bindings. The issue arises in V8ThrowException::createDOMException within bindings/core/v8/V8ThrowException.cpp, which does not properly enforce frame access restrictions when throwing exceptions. A remote attacker could ...

CVSS: 5 | AI score: 6 | EPSS: 0.01985
Exploits: 0 | References: 15 | Affected Software: 1

Cvelist
added 2015/02/06 11:0 a.m. | 28 views

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

AI score: 5.9 | EPSS: 0.01985
Exploits: 0 | References: 15