46 matches found
EUVD-2020-20461
Malware in sbrugna...
Samsung Internet Browser SOP Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...
CVE-2015-5236
It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy SOP checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...
CVE-2015-5236
It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy SOP checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...
CVE-2015-5236
The CVE-2015-5236 entry concerns IcedTea-Web, where the codebase attribute of the HTML tag used in the SOP check is not required to match the applet’s actual origin. This could allow a malicious site to bypass Same Origin Policy by spoofing the codebase value. Public documentation provided refer...
CVE-2020-27969
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing...
Spoofing
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing...
CVE-2020-27969
CVE-2020-27969 affects Yandex Browser for Android (version 20.8.4). Multiple sources describe a vulnerability enabling remote SOP bypass and address bar spoofing. The available connected documents note the software and impact but do not provide root-cause details or a published fix/remediation. I...
CVE-2020-27969
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing...
Mail.ru: Bypassing SOP with XSS on account.my.games leading to steal CSRF token and user information
Incorrect CORS settings on account.my.games, allowed access to user information registration IP, email, username, birthday, profile visibility from .my.com. Vulnerability demonstrated by XSS at warofdragons.my.games...
Brave Software: Onion-Location header allows to open arbitrary URLs including chrome:
The "Open in Tor" feature in Brave Nightly for OSX allowed arbitrary URLs to be opened through the Onion-Location response header, including privileged URLs such as chrome://restart/. This could be exploited to bypass SOP restrictions and gain access to privileged URLs...
BTFS: misconfigured CORS let to HPP and SOP bypass
Hello team, I found a bug on your website that let me bypass the SOP policy. Hope you fix it, everything is in the video https://www.youtube.com/watch?v=PYsU350S-s4 Impact The attacker my direct a victim to a phishing page of www.bitterrent.com/login and he/she will be convince to enter their ema...
Critical: Red Hat Security Advisory: chromium-browser security update
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 77 to the Stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 77.0.3865.75 contains a number of fixes and improvements -- a full list of changes in this build is available in the log. Wat...
Mail.ru: Reflected cross site scripting at https://auto.mail.ru/reviews/add_review/ via problems_text parameter.
Description https://auto.mail.ru is vulnerable for xss. It is possible for an attacker to inject arbitrary JavaScript in application response Step to reproduce 1. Open the below link in Firefox...
Brave Software: Navigation to restricted origins via "Open in new tab"
Summary: It's possible to open links pointing to file:/// origin from web pages using "Open link in a new tab" in context menu. https://hackerone.com/bugs?reportid=369185 shows unsafe ssh:// protocol handling, which leads to information leak using sshOS username and etc.. The vulnerability is...
Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS Vulnerabilities
Samsung Internet Browser version 6.2.01.12 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. From: https://poctestblog.blogspot.co.uk/2017/12/samsung-internet-browser-sop-bypassuxss.html Samsung Internet Browser SOP Bypass/UXSS...
Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS
Samsung Internet Browser SOP Bypass/UXSS There is a Same Origin Policy bypass / Universal Cross Site Scripting issue in Samsung Internet Browser tested on latest version - 6.2.01.12. First of all, using the combination of MHTML and XSLT ends up resulting in a weird interaction. When you create an...
Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser
A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692, the vulnerability is Sa...
Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...