31 matches found
Design/Logic Flaw
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
CVE-2015-1244
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
CVE-2015-1244
CVE-2015-1244 affects Google Chrome prior to 42.0.2311.90. The issue lies in URLRequest::GetHSTSRedirect in url_request/url_request.cc, which does not replace the ws scheme with the wss scheme when an HSTS policy is active, enabling potential disclosure of sensitive WebSocket data via network sni...
CVE-2015-1244
Removed by vendor...
CVE-2015-1244
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
Ubiquiti Networks UniFi Video Default - crossdomain.xml Security Bypass
Ubiquiti Networks UniFi Video Default - crossdomain.xml Security Bypass source: https://www.securityfocus.com/bid/68866/info UniFi Video is prone to a security-bypass vulnerability. An authenticated attacker can exploit this issue to bypass certain security restrictions and perform unauthorized...
Adobe Flash Player <= 10.1.51 Local File Access Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38517/info Adobe Flash Player is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. package com.lavakumar.imposter...
Xorbin Analog Flash Clock 1.0 For WordPress XSS
==================================================================== Xorbin Analog Flash Clock 1.0 Plugin for Wordpress Flash-based XSS ==================================================================== Description: This plugin displays analog flash clock on your website. It's easy to use and...
Xorbin Analog Flash Clock 1.0 For Joomla XSS
==================================================================== Xorbin Analog Flash Clock 1.0 Extension for Joomla Flash-based XSS ==================================================================== Description: This plugin displays analog flash clock on your website. It's easy to use and...
Apache 2.2.6 mod_negotiation - HTML Injection HTTP Response Splitting
Apache 2.2.6 mod_negotiation - HTML Injection HTTP Response Splitting source: https://www.securityfocus.com/bid/27409/info Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input befor...
Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
source: https://www.securityfocus.com/bid/27409/info Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML o...