15 matches found
EUVD-2013-4451
Malware in sbrugna...
EUVD-2003-0633
Malware in sbrugna...
EUVD-2023-54353
Malicious code in bioql PyPI...
CVE-2020-24579
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality...
Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been
The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...
Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been
The Mozilla Foundation Security Advisory describes this flaw as: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to...
IBM i2 Enterprise Insight Analysis Information Disclosure Vulnerability (CNVD-2018-26230)
IBM i2 Enterprise Insight Analysis is a suite of data analytics and integration solutions from IBM USA. The product is characterized by interoperability and scalability. An information disclosure vulnerability exists in IBM i2 Enterprise Insight Analysis version 2.1.7, which originates when a...
CVE-2013-4595
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page...
Code injection
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page...
CVE-2013-4595
The CVE-2013-4595 entry concerns the Drupal Secure Pages module (6.x-2.x) prior to 6.x-2.0. A URL matching flaw caused HTTP to be used instead of HTTPS, potentially exposing sensitive data via crafted pages. Remediation is to upgrade to Secure Pages 6.x-2.0. The Drupal core is not affected.
CVE-2013-4595
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page...
Security changes in Opera 20 update
Security Security changes in Opera 20 update Share March 13th, 2014 We have just released a silent update of Opera 20, you would most likely not even have noticed. From a security perspective, we have made two interesting changes in this update. The first one regards what we call the badge, the...
SA-CONTRIB-2011-011 - Secure Pages - Open redirect
The Secure Pages module allows administrators to choose certain URLs that must be delivered over HTTPS. An open redirection bug allows an attacker to formulate a URL in a way that redirects the user to an arbitrarily provided URL. Versions affected Secure Pages module for Drupal 6.x versions prio...
Hatena Toolbar sends URL information unecnrypted
Overview Hatena Toolbar improperly sends URL information to the Hatena server without being encrypted when a user views a web page secured by SSL. Impact When a user of Hatena Toolbar views a SSL secured web page, an attacker could obtain the information contained in the URL such as a session ID...
Storesprite XSS vuln.
Storesprite XSS vuln. Vuln. discovered by : r0t Date: 10 August 2007 vendor:http://www.storesprite.com/ orginal advisory: http://pridels-team.blogspot.com/2007/08/storesprite-xss-vuln.html affected versions:Storesprite 7 and previous Storesprite contains a flaw that allows a remote Cross-Site...