6939 matches found
Vimeo: Misconfigured crossdomain.xml - vimeo.com
An overly permissive crossdomain.xml file on a domain that serves sensitive content is a major security risk. It exposes the domain hosting the improperly configured crossomain.xml file to information disclosure and request forgery. Attackers cannot only forge requests, they can read responses...
Steal Facebook user information: using Android same origin policy vulnerability a malicious application is found-vulnerability warning-the black bar safety net
A few months ago we studied the Android same origin policy(SOP)of vulnerability, however recently there has been a use of this vulnerability to Facebook user attack a malicious application, which utilizes code based on the disclosed Metasploit test code. myhack58 science: the same-origin policy...
Hacking Facebook Accounts Using Android 'Same Origin Policy' Vulnerability
A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same Origin Policy SOP. The Android Same Origin Policy SOP vulnerability CVE-2014-6041 was first...
Apple Safari 'Webkit' Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X
Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...
RHEL 6 : flash-plugin (RHSA-2014:1981)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2014:1981 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple...
Security update for flash-player (critical)
Flash-player was updated to version 11.2.202.245 fixing numerous vulnerabilities: memory corruption vulnerabilities that could lead to code execution CVE-2014-0587, CVE-2014-9164. use-after-free vulnerability that could lead to code execution CVE-2014-8443. stack-based buffer overflow vulnerabili...
CVE-2014-8453
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2014-4465
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets CSS token sequences within an SVG file in the SRC attribute of an IMG element...
Design/Logic Flaw
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets CSS token sequences within an SVG file in the SRC attribute of an IMG element...
CVE-2014-4465
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets CSS token sequences within an SVG file in the SRC attribute of an IMG element...
Design/Logic Flaw
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
Design/Logic Flaw
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors...
UBUNTU-CVE-2014-0580
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
UBUNTU-CVE-2014-4465
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets CSS token sequences within an SVG file in the SRC attribute of an IMG element...
CVE-2014-8453
CVE-2014-8453 affects Cisco? (no) Actually affected product is Adobe Reader/Acrobat. The connected documents confirm that Adobe Reader/Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X are vulnerable. The underlying issue is a same-origin policy bypass, with exploit vectors ...
CVE-2014-8453
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2014-0580
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2014-0580
CVE-2014-0580 affects Adobe Flash Player prior to 13.0.0.259 and 14.x up to 16.x before 16.0.0.235 on Windows/OS X, and prior to 11.2.202.425 on Linux. The vulnerability allows remote attackers to bypass the Same Origin Policy via unspecified vectors. The available connected sources identify upda...
CVE-2014-4465
CVE-2014-4465 affects WebKit in Apple Safari: CSS tokens within an SVG in the SRC attribute of an IMG element can bypass Same Origin Policy. Affected products/versions include Safari/macOS WebKit builds prior to 6.2.1, 7.x prior to 7.1.1, and 8.x prior to 8.0.1. The issue enables cross-origin CSS...
CVE-2014-4465
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets CSS token sequences within an SVG file in the SRC attribute of an IMG element...