6939 matches found
CVE-2014-0548
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...
Design/Logic Flaw
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...
UBUNTU-CVE-2014-0548
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...
CVE-2014-0548
Summary (CVE-2014-0548) : Adobe Flash Player (and related AIR SDK packages) contains a vulnerability that could allow a remote bypass of the Same Origin Policy. The Mageia advisory MGASA-2014-0382 notes that Flash Player 11.2.202.406 fixes multiple security issues, including a bypass of the same-...
CVE-2014-0548
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...
CVE-2014-3620
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain...
UBUNTU-CVE-2014-3620
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain...
Adobe Flash Player Same Origin Policy Bypass (APSB14-14; CVE-2014-0516)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Android Browser Same Origin Policy Bypass Vulnerability
A SOP bypass occurs when a sitea.com is some how able to access the properties of siteb.com such as cookies, location, response etc. Due to the nature of the issue and potential impact, this is very rarely found in modern browsers. However, they are found once in a while. Vulnerability: Android...
CVE-2014-6041
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open'\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser...
Design/Logic Flaw
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open'\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser...
CVE-2014-6041
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open'\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser...
CVE-2014-6041
CVE-2014-6041 is a UXSS/SOP bypass in Android’s stock browser (AOSP) prior to 4.4 and in WebView, enabling cross-site script execution via crafted input containing a null character. Affected: Android stock browser before 4.4 and apps using WebView. Impact: partial confidentiality and integrity th...
Android Browser Same Origin Policy Bypass
Vulnerability: Android Browser Same Origin Policy Bypass Impact: High/Critical Authors: Rafay Baloch Company: RHAinfoSEC Website: http://rhainfosec.com http://rafayhackingarticles.net Introduction Same Origin Policy SOP is one of the most important security mechanisms that are applied in modern...
openSUSE Security Update : chromium (openSUSE-SU-2014:0982-1)
Chromium was updated to version 36.0.1985.125. New Functionality : - Rich Notifications Improvements - An Updated Incognito / Guest NTP design - The addition of a Browser crash recovery bubble - Chrome App Launcher for Linux - Lots of under the hood changes for stability and performance Security...
chromium: update to 36.0.1985.125 (important)
Chromium was updated to version 36.0.1985.125. New Functionality: Rich Notifications Improvements An Updated Incognito / Guest NTP design The addition of a Browser crash recovery bubble Chrome App Launcher for Linux Lots of under the hood changes for stability and performance Security Fixes...
openSUSE: Security Advisory for chromium (openSUSE-SU-2014:0982-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-2227
The default Flash cross-domain policy crossdomain.xml in Ubiquiti Networks UniFi Video formerly AirVision aka AirVision Controller before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file...
CVE-2014-2227
The default Flash cross-domain policy crossdomain.xml in Ubiquiti Networks UniFi Video formerly AirVision aka AirVision Controller before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file...
CVE-2014-2227
The CVE-2014-2227 issue affects Ubiquiti Networks UniFi Video (AirVision Controller) before 3.0.1, where the default crossdomain.xml (Flash cross-domain policy) fails to restrict access, allowing remote attackers to bypass the Same Origin Policy via a crafted SWF file. This enables attacks such a...