229 matches found
Mohachat 0.1.1 Cross Site Scripting / Redirection
Exploit Title: Mohachat 0.1.1 Cross Site Scripting Vulnerability Mohachat 0.1.1 HTML Form redirecting page Date: 2014 18 March Author: Dr.3v1l Vendor Homepage: http://mohachat.org Version : 0.1.1 Tested on: Windows Category: webapps Google Dork: intext:"MOHA Chat 0.1.1 S.H.Mohanjith" + Exploit :...
CVE-2013-6634
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...
Session fixation
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...
CVE-2013-6634
The CVE-2013-6634 issue affects Chromium/ chromium-browser prior to version 31.0.1650.63, where OneClickSigninHelper::ShowInfoBarIfPossible used an incorrect URL during realm validation. This allowed session fixation and potential web-session hijacking via a 302 redirect. The documented fixes upg...
CVE-2013-6627
CVE-2013-6627 is an out-of-bounds read in Chromium/Google Chrome’s HTTP parsing (1xx handling). Affected: Chrome/Chromium around 31.x prior to 31.0.1650.48. Exploitation noted in public advisories/Exploits. Remediation: update to Chromium/Chrome 31.0.1650.48 or newer (as reflected in openSUSE Deb...
CVE-2013-2908
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 aka No Content status code...
CVE-2013-2916
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 aka No Content status code, in conjunction with a delay in notifying the user of an attempted spoof...
CVE-2013-2916
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 aka No Content status code, in conjunction with a delay in notifying the user of an attempted spoof...
Code injection
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 aka No Content status code, in conjunction with a delay in notifying the user of an attempted spoof...
CVE-2013-2916
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 aka No Content status code, in conjunction with a delay in notifying the user of an attempted spoof...
CVE-2013-2873
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources...
CVE-2013-2873
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources...
Design/Logic Flaw
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources...
CVE-2013-2873
CVE-2013-2873 is a use-after-free vulnerability in Chrome/Chromium related to resource loading. Affected product: Google Chrome before 28.0.1500.71 (and Chromium components referenced in advisories). Impact per sources: potential denial of service and possibly other unspecified effects via exploi...
CVE-2013-2873
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources...
CVE-2013-2873
Removed by vendor...
CVE-2013-0599
IBM Eclipse Help System IEHS, as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP...
Code injection
IBM Eclipse Help System IEHS, as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP...
CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...
CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...