8277 matches found
CVE-2009-1697
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting XSS attacks...
CVE-2009-1681
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
Design/Logic Flaw
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
CVE-2009-1681
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
CVE-2009-1681
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
CVE-2009-1681
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
CVE-2009-1681
Summary: CVE-2009-1681 affects WebKit in Apple Safari (and iPhone OS variants) where loading third-party content into a subframe bypasses the Same Origin Policy, enabling clickjacking. The connected documents provide detailed CVE entries and advisories, notably Debian DSA-1950-1 and openVAS/Nessu...
CVE-2009-1681
Removed by vendor...
Cumulative Security Update for Internet Explorer (969897)
This host is missing a critical security update according to Microsoft Bulletin MS09-019. OpenVAS Vulnerability Test $Id: secpodms09-019.nasl 6527 2017-07-05 05:56:34Z cfischer $ Cumulative Security Update for Internet Explorer 969897 Authors: Sharath S Updated By: Madhuri D on 2010-12-01 - To...
PT-2009-3704 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 7 for various Windows operating systems Description: The issue allows remote attackers to bypass the Same Origin Policy, potentially leading to information disclosure. This is due to the...
Cumulative Security Update for Internet Explorer (969897)
This host is missing a critical security update according to Microsoft Bulletin MS09-019. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Internet Explorer Cross Domain Document Switching (MS09-019; CVE-2007-3091)
Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a script that can create a race condition that could break the same-origin policy of Internet Explorer and re...
Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security...
Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure
Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure source: https://www.securityfocus.com/bid/35200/info Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin...
Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure
source: https://www.securityfocus.com/bid/35200/info Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a...
WebKit - 'parent/top' Cross Domain Scripting
source: https://www.securityfocus.com/bid/35441/info WebKit is prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other...
WebKit - parenttop Cross Domain Scripting
WebKit - parenttop Cross Domain Scripting source: https://www.securityfocus.com/bid/35441/info WebKit is prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofi...
Safari < 3.2.3 Multiple Vulnerabilities
The version of Safari installed on the remote Windows host is earlier than 3.2.3. Such versions are potentially affected by several issues : - A heap-based buffer overflow issue in the libxml library when handling long entity names could lead to a crash or arbitrary code execution. CVE-2008-3529 ...
Debian DSA-1797-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0652 Moxie Marlinspike discovered that Unicode box drawi...
Debian: Security Advisory (DSA-1797-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...