8369 matches found
CVE-2015-1156
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...
CVE-2015-1155
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...
CVE-2015-1156
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...
Design/Logic Flaw
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...
Design/Logic Flaw
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...
UBUNTU-CVE-2015-1156
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...
CVE-2015-1155
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...
CVE-2015-1156
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...
CVE-2015-1156
CVE-2015-1156 affects WebKit as used by Apple Safari: the page-loading implementation does not correctly handle the rel attribute in an A element, allowing a crafted site to bypass the Same Origin Policy for a link’s target and spoof the user interface. Affected Safari/WebKit versions include bef...
Apple Safari WebKit bypasses same-origin policy vulnerability (CNVD-2015-02943)
WebKit is the open source web browser engine currently used by Safari, Chrome and other browsers. A bypass same-origin policy vulnerability exists in Apple Safari before 6.2.6, 7.1.6 before 7.x,8.0.6 before 8.x using WebKit's history implementation, which allows remote attackers to bypass the...
Apple Safari WebKit bypasses same-origin policy vulnerability (CNVD-2015-02944)
WebKit is the open source web browser engine currently used by Safari, Chrome and other browsers. Apple Safari before 6.2.6, 7.1.6 before 7.x,8.0.6 before 8.x versions using WebKit's page-loading implementation suffers from a bypassing the same-origin policy vulnerability that stems from its...
CVE-2015-1155
CVE-2015-1155 - WebKit history implementation flaw allows remote attackers to bypass Same Origin Policy and read arbitrary files via a crafted site. Affected: WebKit used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6. Remediation: apply the vendor patches that fix the histo...
CVE-2015-1155
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...
UBUNTU-CVE-2015-1155
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...
Mozilla Firefox < 37.0 Multiple Vulnerabilities
Binary data 8742.prm...
Debian DSA-3238-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-fr...
Ubuntu: Security Advisory (USN-2570-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2570-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2570-1 advisory. An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially...
USN-2570-1: Oxide vulnerabilities
An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...
USN-2570-1 oxide-qt vulnerabilities
An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...