CVE-2014-5318

The CVE-2014-5318 issue affects jigbrowser+ for iOS (versions 1.8.1 and earlier). A flaw in how the app loads web pages allows remote attackers to bypass the Same Origin Policy by injecting crafted JavaScript, enabling access to data across different domains. Affected component: the iOS web loadi...

jigbrowser+ for iOS same origin policy bypass

Overview jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

JVN#80531230: jigbrowser+ for iOS same origin policy bypass

jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Impact By using JavaScript, an attacker may obtain sensitive data from a different domain in violation of the same origin policy. Solution Update the Software Update to the late...

Updated flash-player-plugin packages fix multiple security vulnerabilities

Adobe Flash Player 11.2.202.406 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...

Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)

A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...

Android browser serious bug affecting half of Android users-vulnerability warning-the black bar safety net

Open source Android browser is found a affect half of Android users of a serious bug, which could allow a malicious web site injection JS script to access other site content, such as read passwords and cookies and other sensitive data. The browser will usually be designed to prevent a site script...

New Android Browser Vulnerability Is a “Privacy Disaster” for 70% Of Android Users

A Serious vulnerability has been discovered in the Web browser installed by default on a large number Approximately 70% of Android devices, that could allow an attacker to hijack users' open websites, and there is now a Metasploit module available to easily exploit this dangerous flaw. The exploi...

Back-and-Forth With Google Led to Disclosure of Android Browser Flaw

The researcher who originally discovered the same-origin policy bypass in the Android browser said he reported the vulnerability to Google some time ago, but that the company’s Android security team said it was unable to reproduce the issue. Rafay Baloch said he first reported the vulnerability t...

Flaw in Android Browser Allows Same Origin Policy Bypass

There’s a serious vulnerability in pre-4.4 versions of Android that allows an attacker to read the contents of other tabs in a browser when a user visits a page the attacker controls. The flaw is present in a huge percentage of the Android devices in use right now, and there’s now a Metasploit...

apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error

Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...

SuSE 11.3 Security Update : flash-player (SAT Patch Number 9704)

Adobe Flash Player has been updated to 11.2.202.406 which fixes various security issues. These updates : - resolve a memory leakage vulnerability that could have been used to bypass memory address randomization. CVE-2014-0557 - resolve a security bypass vulnerability. CVE-2014-0554 - resolve a...

RHEL 5 / 6 : flash-plugin (RHSA-2014:1173)

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...

flash-plugin: same origin policy bypass (APSB14-21)

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...

Critical: Red Hat Security Advisory: flash-plugin security update

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...

CVE-2014-0548

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...

CVE-2014-0548

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...

Design/Logic Flaw

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...

UBUNTU-CVE-2014-0548

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...

CVE-2014-0548

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow...

CVE-2014-0548

Summary (CVE-2014-0548) : Adobe Flash Player (and related AIR SDK packages) contains a vulnerability that could allow a remote bypass of the Same Origin Policy. The Mageia advisory MGASA-2014-0382 notes that Flash Player 11.2.202.406 fixes multiple security issues, including a bypass of the same-...