Lucene search
K

6987 matches found

Cvelist
Cvelist
added 2014/09/02 10:0 a.m.25 views

CVE-2014-6041

The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open'\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser...

8.4AI score0.18278EPSS
Exploits7References8
Packet Storm
Packet Storm
added 2014/09/01 12:0 a.m.26 views

Android Browser Same Origin Policy Bypass

Vulnerability: Android Browser Same Origin Policy Bypass Impact: High/Critical Authors: Rafay Baloch Company: RHAinfoSEC Website: http://rhainfosec.com http://rafayhackingarticles.net Introduction Same Origin Policy SOP is one of the most important security mechanisms that are applied in modern...

Exploits0
Tenable Nessus
Tenable Nessus
added 2014/08/12 12:0 a.m.36 views

openSUSE Security Update : chromium (openSUSE-SU-2014:0982-1)

Chromium was updated to version 36.0.1985.125. New Functionality : - Rich Notifications Improvements - An Updated Incognito / Guest NTP design - The addition of a Browser crash recovery bubble - Chrome App Launcher for Linux - Lots of under the hood changes for stability and performance Security...

7.5CVSS8.2AI score0.01745EPSS
Exploits0References12
OPENSUSE Linux
OPENSUSE Linux
added 2014/08/11 10:9 a.m.30 views

chromium: update to 36.0.1985.125 (important)

Chromium was updated to version 36.0.1985.125. New Functionality: Rich Notifications Improvements An Updated Incognito / Guest NTP design The addition of a Browser crash recovery bubble Chrome App Launcher for Linux Lots of under the hood changes for stability and performance Security Fixes...

7.5CVSS0.4AI score0.01745EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2014/08/11 12:0 a.m.32 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2014:0982-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.01745EPSS
Exploits0References1
NVD
NVD
added 2014/07/25 7:55 p.m.24 views

CVE-2014-2227

The default Flash cross-domain policy crossdomain.xml in Ubiquiti Networks UniFi Video formerly AirVision aka AirVision Controller before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file...

6CVSS6.6AI score0.02173EPSS
Exploits2References3
Cvelist
Cvelist
added 2014/07/25 7:0 p.m.30 views

CVE-2014-2227

The default Flash cross-domain policy crossdomain.xml in Ubiquiti Networks UniFi Video formerly AirVision aka AirVision Controller before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file...

6.6AI score0.02173EPSS
Exploits2References3
CVE
CVE
added 2014/07/25 7:0 p.m.50 views

CVE-2014-2227

The CVE-2014-2227 issue affects Ubiquiti Networks UniFi Video (AirVision Controller) before 3.0.1, where the default crossdomain.xml (Flash cross-domain policy) fails to restrict access, allowing remote attackers to bypass the Same Origin Policy via a crafted SWF file. This enables attacks such a...

6CVSS6.8AI score0.02173EPSS
Exploits2References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/07/24 12:0 a.m.40 views

Firefox < 31.0 Multiple Vulnerabilities

The version of Firefox installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...

10CVSS7.5AI score0.06109EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2014/07/24 12:0 a.m.31 views

Firefox < 31.0 Multiple Vulnerabilities (Mac OS X)

The version of Firefox installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...

10CVSS7.4AI score0.06109EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2014/07/24 12:0 a.m.30 views

Mozilla Thunderbird < 31.0 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which...

10CVSS8.3AI score0.06109EPSS
Exploits0References20
NVD
NVD
added 2014/07/23 11:12 a.m.20 views

CVE-2014-1552

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

5.8CVSS6.2AI score0.01257EPSS
Exploits0References8
Prion
Prion
added 2014/07/23 11:12 a.m.16 views

Cross site request forgery (csrf)

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

5.8CVSS6.8AI score0.01257EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2014/07/23 10:0 a.m.22 views

CVE-2014-1552

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

9.2AI score0.01257EPSS
Exploits0References8
CVE
CVE
added 2014/07/23 10:0 a.m.115 views

CVE-2014-1552

CVE-2014-1552 is referenced in a 2014 Mozilla/Firefox advisory set (SUSE-SU-2014:0960-1) and in MFSA2014-66, with openVAS entries tying Firefox-related advisories to this CVE. The SUSE advisory lists CVE-2014-1552 among fixed items for Mozilla products, and shows a high severity/impact context (c...

5.8CVSS9AI score0.01257EPSS
Exploits0References8Affected Software2
UbuntuCve
UbuntuCve
added 2014/07/22 12:0 a.m.25 views

CVE-2014-1552

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect...

5.8CVSS6.7AI score0.01257EPSS
Exploits0References4
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.34 views

IFRAME sandbox same-origin access through redirect — Mozilla

Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval...

5.8CVSS9AI score0.01257EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2014/07/20 11:12 a.m.16 views

CVE-2014-3160

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file...

6.8CVSS5.9AI score0.01343EPSS
Exploits0References8
NVD
NVD
added 2014/07/20 11:12 a.m.12 views

CVE-2014-3161

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayerandroid.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video...

7.5CVSS6.1AI score0.00875EPSS
Exploits0References3
Prion
Prion
added 2014/07/20 11:12 a.m.29 views

Design/Logic Flaw

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file...

6.8CVSS6.5AI score0.01343EPSS
Exploits0References8Affected Software2
Rows per page
Query Builder