Lucene search
K

346 matches found

NVD
NVD
added 2018/03/16 2:29 p.m.24 views

CVE-2018-1000134

UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...

9.8CVSS9.7AI score0.04913EPSS
Exploits0References3
OSV
OSV
added 2018/03/16 2:29 p.m.32 views

CVE-2018-1000134

UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...

9.8CVSS9.8AI score
Exploits0References3
Cvelist
Cvelist
added 2018/03/16 2:4 p.m.50 views

CVE-2018-1000134

UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...

9.6AI score0.04913EPSS
Exploits0References3
CVE
CVE
added 2018/03/16 2:4 p.m.106 views

CVE-2018-1000134

CVE-2018-1000134 affects the UnboundID LDAP SDK for Java. The issue is an Incorrect Access Control in the SimpleBindRequest.process function that does not check for an empty password in synchronous mode, potentially allowing authentication bypass by a valid username with an empty password. The vu...

9.8CVSS9.4AI score0.04913EPSS
Exploits0References3Affected Software1
Fedora
Fedora
added 2017/08/13 8:56 p.m.34 views

[SECURITY] Fedora 26 Update: libsoup-2.58.2-1.fc26

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

9.8CVSS0.24337EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/05/25 12:0 a.m.34 views

WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting

view-frame.page; frame.tree.appendChildchildFrame-view-frame; childFrame-open; enqueuePageshowEventPageshowEventPersisted; HistoryItem historyItem = frame.loader.history.currentItem; if historyItem && historyItem-stateObject mdocument-enqueuePopstateEventhistoryItem-stateObject;...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/04/21 12:0 a.m.21 views

Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)

VULNERABILITY DETAILS When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTreeconst AttachContext& context HTMLTextFormControlElement::detachLayoutTreecontext; mneedsToUpdateViewValue = true; minputTypeView-closePopupView; If the...

4.3CVSS8AI score0.01094EPSS
Exploits1
Exploit DB
Exploit DB
added 2017/04/11 12:0 a.m.22 views

Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting

URL scriptURL; URL url; if protocolIsJavaScripturlString scriptURL = completeURLurlString; // completeURL encodes the URL. url = blankURL; else url = completeURLurlString; if shouldConvertInvalidURLsToBlank && !url.isValid url = blankURL; Frame frame = loadOrRedirectSubframeownerElement, url,...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2017/04/10 12:0 a.m.481 views

WebKit Synchronous Page Load UXSS

WebKit: UXSS via a synchronous page load CVE-2017-2480 Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed. bool SubframeLoader::requestFrameHTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString&...

4.3CVSS7.5AI score0.04314EPSS
Exploits3
seebug.org
seebug.org
added 2017/04/07 12:0 a.m.40 views

WebKit: UXSS via a synchronous page load(CVE-2017-2480)

Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed. bool SubframeLoader::requestFrameHTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList...

4.3CVSS7.6AI score0.04314EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2016/12/07 7:8 p.m.10 views

chromium-browser: universal xss in blink

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS7.5AI score0.01094EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2016/12/06 12:0 a.m.22 views

CVE-2016-5208

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS6.9AI score0.01094EPSS
Exploits1References3
Fedora
Fedora
added 2016/07/29 12:0 a.m.37 views

[SECURITY] Fedora 24 Update: php-guzzlehttp-guzzle6-6.2.1-1.fc24

Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and tr ivial to integrate with web services. Simple interface for building query strings, POST requests, streaming lar ge uploads, streaming large downloads, using HTTP cookies, uploading JSON da ta, etc... Can send both...

8.1CVSS0.6AI score0.50427EPSS
Exploits0
Kitploit
Kitploit
added 2016/01/31 5:39 p.m.18 views

SEE - Sandboxed Execution Environment

Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...

7.7AI score
Exploits0References1
n0where
n0where
added 2015/12/21 8:53 p.m.21 views

Sandboxed Execution Environment: SEE

Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...

2.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 2012/02/22 12:23 p.m.10 views

Apache 2.4 Comes Out, Major update after 6 years

Apache 2.4 Comes Out, Major update after 6 years The Apache Software Foundation officially released the Apache 2.4 today as the first major update to this leading open-source web-server in more than a half-decade. Apache 2.4 is slated to deliver superior performance to its 2.2 predecessor and...

6.7AI score
Exploits0
OSV
OSV
added 2011/10/25 7:55 p.m.8 views

UBUNTU-CVE-2011-3881

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS UXSS attacks via vectors related to 1 the DOMWindow::clear function and use of a selection object, 2 the...

4.3CVSS5.8AI score0.01794EPSS
Exploits0References2
Fedora
Fedora
added 2011/09/25 3:34 a.m.24 views

[SECURITY] Fedora 14 Update: libsoup-2.32.2-2.fc14

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

5CVSS0.01925EPSS
Exploits0
Prion
Prion
added 2010/08/19 10:0 p.m.17 views

Hardcoded credentials

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...

10CVSS7AI score0.02644EPSS
Exploits0References12Affected Software1
UbuntuCve
UbuntuCve
added 2010/08/19 10:0 p.m.23 views

CVE-2010-1760

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...

10CVSS5.9AI score0.02644EPSS
Exploits0References2
Rows per page
Query Builder