Lucene search
K

31 matches found

Prion
Prion
added 2015/04/19 10:59 a.m.22 views

Design/Logic Flaw

The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...

5CVSS6.1AI score0.01445EPSS
Exploits0References10Affected Software3
Cvelist
Cvelist
added 2015/04/19 10:0 a.m.37 views

CVE-2015-1244

The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...

5.5AI score0.01445EPSS
Exploits0References10
CVE
CVE
added 2015/04/19 10:0 a.m.115 views

CVE-2015-1244

CVE-2015-1244 affects Google Chrome prior to 42.0.2311.90. The issue lies in URLRequest::GetHSTSRedirect in url_request/url_request.cc, which does not replace the ws scheme with the wss scheme when an HSTS policy is active, enabling potential disclosure of sensitive WebSocket data via network sni...

5CVSS5.6AI score0.01445EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2015/04/19 10:0 a.m.26 views

CVE-2015-1244

Removed by vendor...

5CVSS9.6AI score0.01445EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2015/04/19 12:0 a.m.30 views

CVE-2015-1244

The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...

5CVSS7.3AI score0.01445EPSS
Exploits0References5
exploitpack
exploitpack
added 2014/07/23 12:0 a.m.17 views

Ubiquiti Networks UniFi Video Default - crossdomain.xml Security Bypass

Ubiquiti Networks UniFi Video Default - crossdomain.xml Security Bypass source: https://www.securityfocus.com/bid/68866/info UniFi Video is prone to a security-bypass vulnerability. An authenticated attacker can exploit this issue to bypass certain security restrictions and perform unauthorized...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Adobe Flash Player <= 10.1.51 Local File Access Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38517/info Adobe Flash Player is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. package com.lavakumar.imposter...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/06/30 12:0 a.m.57 views

Xorbin Analog Flash Clock 1.0 For WordPress XSS

==================================================================== Xorbin Analog Flash Clock 1.0 Plugin for Wordpress Flash-based XSS ==================================================================== Description: This plugin displays analog flash clock on your website. It's easy to use and...

4.1CVSS0.6AI score0.0245EPSS
Exploits3
Packet Storm
Packet Storm
added 2013/06/30 12:0 a.m.79 views

Xorbin Analog Flash Clock 1.0 For Joomla XSS

==================================================================== Xorbin Analog Flash Clock 1.0 Extension for Joomla Flash-based XSS ==================================================================== Description: This plugin displays analog flash clock on your website. It's easy to use and...

4.1CVSS0.3AI score0.0245EPSS
Exploits3
exploitpack
exploitpack
added 2008/01/22 12:0 a.m.26 views

Apache 2.2.6 mod_negotiation - HTML Injection HTTP Response Splitting

Apache 2.2.6 modnegotiation - HTML Injection HTTP Response Splitting source: https://www.securityfocus.com/bid/27409/info Apache 'modnegotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input befor...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2008/01/22 12:0 a.m.207 views

Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting

source: https://www.securityfocus.com/bid/27409/info Apache 'modnegotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML o...

7.4AI score
Exploits0
Rows per page
Query Builder