Microsoft Exchange Server Same-Origin Policy Bypass Vulnerability

Microsoft Exchange Server is an enterprise-class mail service program. A same-origin policy bypass vulnerability exists in Microsoft Exchange Server, which could be exploited by a remote attacker to submit a special web application request to bypass the same-origin policy and obtain sensitive...

Adobe Flash Player Homologation Policy Bypasses Information Disclosure Vulnerability

Adobe Flash Player is a Flash file handling program. Adobe Flash Player suffers from a same-origin policy bypass vulnerability, which allows remote attackers to exploit the vulnerability to construct malicious SWF content that can be parsed by the user and can be used to obtain sensitive...

Adobe Flash Player Same-Origin Policy Bypass Information Disclosure Vulnerability (CNVD-2015-03774)

Adobe Flash Player is a Flash file handling program. Adobe Flash Player suffers from a same-origin policy bypass vulnerability, which allows remote attackers to exploit the vulnerability to construct malicious SWF content that can be parsed by the user and can be used to obtain sensitive...

Adobe Flash Player Same Origin Policy Bypass Information Disclosure Vulnerability (CNVD-2015-03801)

Adobe Flash Player is a Flash file handling program. Adobe Flash Player suffers from a same-origin policy bypass vulnerability, which allows remote attackers to exploit the vulnerability to construct malicious SWF content that can be parsed by the user and can be used to obtain sensitive...

Microsoft Exchange Server Privilege Escalation Vulnerability (3062157)

This host is missing an important security update according to Microsoft Bulletin MS15-064. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Microsoft Exchange Server CVE-2015-1764 Same Origin Policy Security Bypass Vulnerability

Description Microsoft Exchange Server is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the same-origin policy, obtain sensitive information and perform unauthorized actions. This could be used to steal sensitive information or launch other attacks...

Google Chrome < 43.0.2357.124 Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.124. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. CVE-2015-3096 - Multiple...

Google Chrome < 43.0.2357.124 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.124. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. CVE-2015-3096 - An...

Multiple Blue Coat Systems SSL Visibility Appliance Products Incorrectly Enter Authentication Vulnerabilities

Blue Coat Systems SSL Visibility Appliance SV800 and others are products of Blue Coat Systems, U.S.A. The Blue Coat SSL Visibility Appliance SV800 is a management platform that provides complete visibility into encrypted traffic. The appliance offers features such as a dedicated encrypted traffic...

chromium-browser: Cross-origin bypass in Editing.

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing...

chromium-browser: Cross-origin bypass in DOM.

core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 43.0.2357.65 fixes a number of security issues: Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1251...

MGASA-2015-0235 Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 43.0.2357.65 fixes a number of security issues: Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1251...

USN-2610-1 oxide-qt vulnerabilities

Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. CVE-2015-1253, CVE-2015-1254 A use-after-free was discovered in the...

chromium: multiple issues

CVE-2015-1251 arbitrary code execution Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document. - CVE-2015-1252 sandbox protection bypass It has been discovered that...

Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-03354)

Blink is a browser typography engine developed by Google and Opera Software. Blink suffers from a same-origin policy bypass vulnerability. It allows remote attackers to bypass the same-origin policy via carefully crafted JavaScript code...

Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-03353)

Blink is a browser typography engine developed by Google and Opera Software. Blink suffers from a same-origin policy bypass vulnerability. Allows remote attackers to bypass the same-origin policy by exploiting the availability of editors...

Google Chrome < 43.0.2357.65 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 43.0.2357.65. It is, therefore, affected by multiple vulnerabilities as referenced in the 201505stable-channel-update19 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers...

CVE-2015-1254

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing...

CVE-2015-1253

core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...