7972 matches found
Multiple Blue Coat Systems SSL Visibility Appliance Products Cross-Site Request Forgery Vulnerabilities
The Blue Coat Systems SSL Visibility Appliance SV800 is a management appliance from Blue Coat Systems, USA, that provides complete visibility into encrypted traffic. The appliance provides a dedicated encrypted traffic management platform, easy-to-use policy enforcement points and adaptive securit...
XXE
The web-based user interface in Cisco Unified MeetingPlace 8.61.9 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452...
Cisco Unified MeetingPlace XML Processing Information Disclosure Vulnerability
A vulnerability in the web-based user interface of Cisco Unified MeetingPlace could allow an authenticated, remote attacker to gain read access to select information stored on the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file...
Cisco Web Security Appliance Web Tracking Report Page Cross-Site Scripting Vulnerability
A vulnerability in the Web Tracking Report page of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper validation of user-supplied input in a...
pcs: improper web session variable signing
It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI...
Design/Logic Flaw
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...
UBUNTU-CVE-2015-1156
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...
Apple Safari WebKit bypasses same-origin policy vulnerability (CNVD-2015-02944)
WebKit is the open source web browser engine currently used by Safari, Chrome and other browsers. Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, which use WebKit's page-loading implementation, suffer from a same-origin policy bypass vulnerability that stems from its...
Debian DSA-3238-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-fr...
[SECURITY] [DSA 3238-1] chromium-browser security update
Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3238-1 (chromium-browser - security update)
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. CVE-2015-1237 Khalil Zhani discovered a use-after-free iss...
DSA-3238-1 chromium-browser - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3238-1)
The remote host is missing an update for the Debian...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a category name...
Safari < 6.2.4 / 7.1.4 / 8.0.4 Multiple Vulnerabilities
Binary data 8695.prm...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface...
CVE-2015-0510
Oracle Commerce Platform (9.4, 10.0, 10.2) is affected by a vulnerability in the Dynamo Application Framework – HTML Admin User Interface. The issue, described in connected CNVD data, allows a remote attacker to update, insert, or delete data, compromising data integrity. The root cause details a...
CVE-2015-0510
Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface...
Cisco TelePresence Collaboration Desk and Room Endpoints HTML Redirect Vulnerability
A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct HTML redirection attacks. The vulnerability is due to improper input validation of...
KLA10546 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof the user interface, cause denial of service or possibly execute arbitrary code. Below is a complete list of vulnerabilities: 1. Unknown...