46 matches found

EUVD
added 2025/10/07 12:30 a.m. | 9 views

EUVD-2020-20461

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.00514
Exploits: 0 | References: 2
Packet Storm
added 2024/08/31 12:0 a.m. | 201 views

Samsung Internet Browser SOP Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...

CVSS 7.5 | AI score 7.1 | EPSS 0.78843
Exploits: 7
NVD
added 2022/07/07 4:15 p.m. | 35 views

CVE-2015-5236

It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy SOP checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...

CVSS 7.5 | EPSS 0.00708
Exploits: 1 | References: 1
UbuntuCve
added 2022/07/07 4:15 p.m. | 33 views

CVE-2015-5236

It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy SOP checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...

CVSS 7.5 | AI score 7 | EPSS 0.00708
Exploits: 1 | References: 2
CVE
added 2022/07/07 3:54 p.m. | 65 views

CVE-2015-5236

The CVE-2015-5236 entry concerns IcedTea-Web, where the codebase attribute of the HTML tag used in the SOP check is not required to match the applet’s actual origin. This could allow a malicious site to bypass Same Origin Policy by spoofing the codebase value. Public documentation provided refer...

CVSS 7.5 | AI score 7.4 | EPSS 0.00708
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2021/09/13 12:15 p.m. | 22 views

CVE-2020-27969

Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing...

CVSS 7.5 | EPSS 0.00514
Exploits: 0 | References: 1
Prion
added 2021/09/13 12:15 p.m. | 16 views

Spoofing

Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing...

CVSS 7.5 | AI score 7.1 | EPSS 0.00514
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2021/09/13 11:44 a.m. | 59 views

CVE-2020-27969

CVE-2020-27969 affects Yandex Browser for Android (version 20.8.4). Multiple sources describe a vulnerability enabling remote SOP bypass and address bar spoofing. The available connected documents note the software and impact but do not provide root-cause details or a published fix/remediation. I...

CVSS 7.5 | AI score 7.1 | EPSS 0.00514
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/09/13 11:44 a.m. | 23 views

CVE-2020-27969

Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing...

AI score 7.2 | EPSS 0.00514
Exploits: 0 | References: 1
Hacker One
added 2021/06/02 4:4 a.m. | 41 views

Mail.ru: Bypassing SOP with XSS on account.my.games leading to steal CSRF token and user information

Incorrect CORS settings on account.my.games, allowed access to user information registration IP, email, username, birthday, profile visibility from .my.com. Vulnerability demonstrated by XSS at warofdragons.my.games...

AI score 3.8
Exploits: 0
Hacker One
added 2021/01/29 2:51 a.m. | 15 views

Brave Software: Onion-Location header allows to open arbitrary URLs including chrome:

The "Open in Tor" feature in Brave Nightly for OSX allowed arbitrary URLs to be opened through the Onion-Location response header, including privileged URLs such as chrome://restart/. This could be exploited to bypass SOP restrictions and gain access to privileged URLs...

AI score 7.3
Exploits: 0
Hacker One
added 2020/05/06 9:37 p.m. | 135 views

BTFS: misconfigured CORS let to HPP and SOP bypass

Hello team, I found a bug on your website that let me bypass the SOP policy. Hope you fix it, everything is in the video https://www.youtube.com/watch?v=PYsU350S-s4 Impact: The attacker may direct a victim to a phishing page of www.bitterrent.com/login and he/she will be convinced to enter their ema...

AI score 7.2
Exploits: 0
RedHat Linux
added 2019/10/29 9:30 a.m. | 61 views

Critical: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVSS 9.6 | AI score 6.9 | EPSS 0.01443
Exploits: 0 | References: 44
Google Chrome Security Advisories
added 2019/09/10 12:0 a.m. | 35 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 77 to the Stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 77.0.3865.75 contains a number of fixes and improvements -- a full list of changes in this build is available in the log. Wat...

CVSS 9.6 | AI score 7.4 | EPSS 0.01443
Exploits: 0 | Affected Software: 1
Hacker One
added 2019/04/12 3:29 a.m. | 17 views

Mail.ru: Reflected cross site scripting at https://auto.mail.ru/reviews/add_review/ via problems_text parameter.

Description https://auto.mail.ru is vulnerable for xss. It is possible for an attacker to inject arbitrary JavaScript in application response Step to reproduce 1. Open the below link in Firefox...

AI score 0.9
Exploits: 0
Hacker One
added 2018/06/20 4:39 p.m. | 18 views

Brave Software: Navigation to restricted origins via "Open in new tab"

Summary: It's possible to open links pointing to file:/// origin from web pages using "Open link in a new tab" in context menu. https://hackerone.com/bugs?reportid=369185 shows unsafe ssh:// protocol handling, which leads to information leak using sshOS username and etc.. The vulnerability is...

AI score 6.4
Exploits: 0
0day.today
added 2018/01/03 12:0 a.m. | 55 views

Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS Vulnerabilities

Samsung Internet Browser version 6.2.01.12 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. From: https://poctestblog.blogspot.co.uk/2017/12/samsung-internet-browser-sop-bypassuxss.html Samsung Internet Browser SOP Bypass/UXSS...

AI score 6.3 | EPSS 0.00942
Exploits: 2
seebug.org
added 2018/01/02 12:0 a.m. | 36 views

Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS

Samsung Internet Browser SOP Bypass/UXSS There is a Same Origin Policy bypass / Universal Cross Site Scripting issue in Samsung Internet Browser tested on latest version - 6.2.01.12. First of all, using the combination of MHTML and XSLT ends up resulting in a weird interaction. When you create an...

AI score 6.7
Exploits: 0
The Hacker News
added 2017/12/29 1:25 a.m. | 31 views

Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser

A critical vulnerability has been discovered in the browser app that comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692, the vulnerability is Sa...

CVSS 5 | AI score 7.3 | EPSS 0.78843
Exploits: 7
seebug.org
added 2017/12/29 12:0 a.m. | 47 views

Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

AI score 6.8
Exploits: 0