6987 matches found
CVE-2014-0516
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2014-0516
CVE-2014-0516 refers to a Same Origin Policy bypass in Adobe Flash Player and AIR SDK components. Publicly affected versions include Windows/macOS Flash Player prior to 13.0.0.214 and Linux prior to 11.2.202.359, as well as AIR SDK prior to 13.0.0.111 and AIR SDK & Compiler prior to 13.0.0.111. T...
Google Chrome < 34.0.1847.137 Multiple Vulnerabilities (Mac OS X)
The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.137. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. CVE-2014-0510 - An...
Adobe AIR <= AIR 13.0.0.83 Multiple Vulnerabilities (APSB14-14)
According to its version, the instance of Adobe AIR on the remote Windows host is 13.0.0.83 or earlier. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of arbitrary code. CVE-2014-051...
Flash Player <= 13.0.0.206 Multiple Vulnerabilities (APSB14-14)
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 13.0.0.206. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of arbitra...
Flash Player for Mac <= 13.0.0.206 Multiple Vulnerabilities (APSB14-14)
According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 13.0.0.206. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of...
Adobe AIR for Mac <= 13.0.0.83 Multiple Vulnerabilities (APSB14-14)
According to its version, the instance of Adobe AIR on the remote Mac OS X host is 13.0.0.83 or earlier. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of arbitrary code. CVE-2014-05...
MS KB2957151: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
The remote host is missing KB2957151. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free vulnerability exists that could allow for the execution of arbitrary code. CVE-2014-0510 - An unspecified vulnerability exists that could be used to bypass the same origi...
GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201405-04 Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a...
Internet Bug Bounty: Bypassing Same Origin Policy With JSONP APIs and Flash
Overview ======== This is a new type of web vulnerability that is made possible by two seemingly unrelated things: - the way JSONP APIs work - the way Flash handles malformed SWF files and has an effect and limitations similar to XSS flaws: - the user has to visit a website set up by the attacker...
[SECURITY] [DSA 2905-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2905-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 15, 2014 http://www.debian.org/security/faq -...
Respondly: x-frame options-sameorigin warning
As the X-Frame-Options is set to same-origin, it still may be vulnerable to clickjacking attacks. How? By using this code. Better explanation: http://www.skeletonscribe.net/2012/06/x-frame-options-sameorigin-warning.html...
Localize: ClickJacking
It allows remote attackers to do some clickjacking which can be used for adding arbitrary tasks. Why? Almost all of your pages are missing the X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to...
Debian DSA-2905-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-1716 A cross-site scripting issue was discovered in the v8 JavaScript library. - CVE-2014-1717 An out-of-bounds read issue was discovered in the v8 JavaScript library. - CVE-2014-1718 Aaron Staple discovered an intege...
[SECURITY] [DSA 2905-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2905-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 15, 2014 http://www.debian.org/security/faq -...
Internet Explorer Cross Domain Document Switching (MS09-019) - Ver2 (CVE-2007-3091)
Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a script that can create a race condition that could break the same-origin policy of Internet Explorer and re...
DSA-2905-1 chromium-browser - security update
Bulletin has no description...
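Google Chrome Drag Handling Local File Path Forgery Cross-Origin Bypass Vulnerability
CVE ID: CVE-2014-1726 Google Chrome is a popular web browser. An unspecified security vulnerability exists in how Google Chrome handles drag operations, which can allow local file paths to be forged and the same-origin policy to be bypassed. Google Chrome 33.0.1750.154 Google Chrome 33.0.1750.152 The vulnerability is fixed in Google Chrome 34.0.1847.116; users are advised to download and use it: https://www.google.com/chrome/...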
CVE-2014-1726
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
Design/Logic Flaw
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...