6939 matches found

Hacker One
added 2015/01/09 5:49 a.m., 28 views

Vimeo: Misconfigured crossdomain.xml - vimeo.com

An overly permissive crossdomain.xml file on a domain that serves sensitive content is a major security risk. It exposes the domain hosting the improperly configured crossdomain.xml file to information disclosure and request forgery. Attackers can not only forge requests, they can read responses...

6.7 AI score
Exploits: 0

myhack58
added 2014/12/30 12:0 a.m., 27 views

Stealing Facebook user information: malicious application found using the Android same origin policy vulnerability - vulnerability warning - the black bar safety net

A few months ago we studied the Android same origin policy (SOP) vulnerability; recently, however, a malicious application has been found that uses this vulnerability to attack Facebook users, with code based on the disclosed Metasploit test code. myhack58 science: the same-origin policy...

1.5 AI score
Exploits: 0

The Hacker News
added 2014/12/29 12:39 a.m., 35 views

Hacking Facebook Accounts Using Android 'Same Origin Policy' Vulnerability

A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same Origin Policy (SOP). The Android Same Origin Policy (SOP) vulnerability (CVE-2014-6041) was first...

5.8 CVSS, 8.2 AI score, 0.18278 EPSS
Exploits: 7

OpenVAS
added 2014/12/16 12:0 a.m., 31 views

Apple Safari 'Webkit' Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

7.5 CVSS, 5.1 AI score, 0.03108 EPSS
Exploits: 0, References: 13

Tenable Nessus
added 2014/12/15 12:0 a.m., 42 views

RHEL 6 : flash-plugin (RHSA-2014:1981)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2014:1981 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple...

10 CVSS, 6.1 AI score, 0.20356 EPSS
Exploits: 2, References: 13

OPENSUSE Linux
added 2014/12/12 12:5 a.m., 26 views

Security update for flash-player (critical)

Flash-player was updated to version 11.2.202.245, fixing numerous vulnerabilities: memory corruption vulnerabilities that could lead to code execution (CVE-2014-0587, CVE-2014-9164); use-after-free vulnerability that could lead to code execution (CVE-2014-8443); stack-based buffer overflow vulnerabili...

10 CVSS, 3.8 AI score, 0.20356 EPSS
Exploits: 2

NVD
added 2014/12/10 9:59 p.m., 16 views

CVE-2014-8453

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors...

5 CVSS, 6.6 AI score, 0.12556 EPSS
Exploits: 0, References: 1

NVD
added 2014/12/10 9:59 p.m., 21 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

5 CVSS, 6.1 AI score, 0.022 EPSS
Exploits: 0, References: 6

Prion
added 2014/12/10 9:59 p.m., 21 views

Design/Logic Flaw

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

5 CVSS, 6.7 AI score, 0.022 EPSS
Exploits: 0, References: 6, Affected Software: 3

UbuntuCve
added 2014/12/10 9:59 p.m., 29 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

5 CVSS, 5.9 AI score, 0.022 EPSS
Exploits: 0, References: 3

Prion
added 2014/12/10 9:59 p.m., 15 views

Design/Logic Flaw

Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

10 CVSS, 7.1 AI score, 0.0585 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2014/12/10 9:59 p.m., 18 views

Design/Logic Flaw

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors...

5 CVSS, 7.1 AI score, 0.12556 EPSS
Exploits: 0, References: 1, Affected Software: 2

OSV
added 2014/12/10 9:59 p.m., 0 views

UBUNTU-CVE-2014-0580

Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

10 CVSS, 5.8 AI score, 0.0585 EPSS
Exploits: 0, References: 3

OSV
added 2014/12/10 9:59 p.m., 2 views

UBUNTU-CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

5 CVSS, 5.8 AI score, 0.022 EPSS
Exploits: 0, References: 4

CVE
added 2014/12/10 9:0 p.m., 65 views

CVE-2014-8453

CVE-2014-8453 affects Adobe Reader/Acrobat. The connected documents confirm that Adobe Reader/Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X are vulnerable. The underlying issue is a same-origin policy bypass, with exploit vectors ...

5 CVSS, 6.6 AI score, 0.12556 EPSS
Exploits: 0, References: 1, Affected Software: 3

Cvelist
added 2014/12/10 9:0 p.m., 15 views

CVE-2014-8453

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors...

6.5 AI score, 0.12556 EPSS
Exploits: 0, References: 1

Cvelist
added 2014/12/10 9:0 p.m., 24 views

CVE-2014-0580

Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

6.5 AI score, 0.0585 EPSS
Exploits: 0, References: 1

CVE
added 2014/12/10 9:0 p.m., 77 views

CVE-2014-0580

CVE-2014-0580 affects Adobe Flash Player prior to 13.0.0.259 and 14.x up to 16.x before 16.0.0.235 on Windows/OS X, and prior to 11.2.202.425 on Linux. The vulnerability allows remote attackers to bypass the Same Origin Policy via unspecified vectors. The available connected sources identify upda...

10 CVSS, 6.6 AI score, 0.0585 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2014/12/10 9:0 p.m., 72 views

CVE-2014-4465

CVE-2014-4465 affects WebKit in Apple Safari: CSS tokens within an SVG in the SRC attribute of an IMG element can bypass Same Origin Policy. Affected products/versions include Safari/macOS WebKit builds prior to 6.2.1, 7.x prior to 7.1.1, and 8.x prior to 8.0.1. The issue enables cross-origin CSS...

5 CVSS, 6.1 AI score, 0.022 EPSS
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2014/12/10 9:0 p.m., 30 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element...

6.1 AI score, 0.022 EPSS
Exploits: 0, References: 6