8406 matches found
CVE-2017-2367
Removed by vendor...
CVE-2017-2367
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web...
CVE-2017-2386
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web...
CVE-2017-2442
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
UBUNTU-CVE-2017-2442
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
UBUNTU-CVE-2017-2367
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web...
UBUNTU-CVE-2017-2386
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web...
Insecure 'Access-Control-Allow-Origin' Header
Cross Origin Resource Sharing CORS is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the Same Origin Policy. The Same Origin Policy requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to...
Insecure Cross-Domain Policy (allow-http-request-headers-from)
The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL...
Insecure Client-Access Policy
The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL...
USN-3216-2: Firefox regression
USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to openi...
USN-3216-2 firefox regression
USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to openi...
CVE-2016-10308
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the...
Cross-Site WebSocket Hijack
zeppelin-server is vulnerable to cross-site websocket hijacking because the websockets are not restrained by the same-origin policy. This could allow an attacker to create a malicious website and trick the user into opening it...
Delux Same Day Delivery Script 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Delux Same Day Delivery Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/delux-same-day-delivery Demo:...
Delux Same Day Delivery Script 1.0 - SQL Injection
Delux Same Day Delivery Script 1.0 - SQL Injection Exploit Title: Delux Same Day Delivery Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/delux-same-day-delivery Demo:...
Delux Same Day Delivery Script 1.0 SQL Injection
Exploit Title: Delux Same Day Delivery Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/delux-same-day-delivery Demo: http://deluxesameday.logistic-softwares.com/ Version: 1.0 Tested on: Win7 x64, Kali...
Delux Same Day Delivery Script 1.0 - SQL Injection
Exploit Title: Delux Same Day Delivery Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/delux-same-day-delivery Demo: http://deluxesameday.logistic-softwares.com/ Version: 1.0 Tested on: Win7 x64, Kali...
USN-3233-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, cause a denial of service via application...
Updated thunderbird packages fix security vulnerability
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. CVE-2017-5400 A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may...