845 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m., 41 views

openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)

Changes in xulrunner : - update to 17.0 bnc790140 - MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards - MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images - MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context incorrectly appli...

CVSS 10, AI score 8.7, EPSS 0.04573
Exploits 16, References 30

Tenable Nessus
added 2014/06/13 12:0 a.m., 30 views

openSUSE Security Update : libqt4 (openSUSE-SU-2013:0157-1)

libqt4 received security fixes for : - XMLHttpRequest could redirect to a file: URL CVE-2012-5624, bnc793194 - Disable SSL compression by default to mitigate CRIME attack CVE-2012-4929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 4.3, AI score 6.9, EPSS 0.08487
Exploits 1, References 4

NVD
added 2014/05/08 2:29 p.m., 13 views

CVE-2013-0187

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request...

CVSS 6.5, AI score 6.5, EPSS 0.0053
Exploits 0, References 1

Prion
added 2014/05/08 2:29 p.m., 12 views

Cross site request forgery (csrf)

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request...

CVSS 6.5, AI score 7.1, EPSS 0.0053
Exploits 0, References 1, Affected Software 1

CVE
added 2014/05/08 2:0 p.m., 43 views

CVE-2013-0187

Foreman before 1.1 contains a privilege escalation vulnerability where remote authenticated users can gain privileges via an XMLHttpRequest or an AJAX request. The connected documents do not specify the root cause, affected components beyond the generic web interface, exploit details, or a remedi...

CVSS 6.5, AI score 6.7, EPSS 0.0053
Exploits 0, References 1, Affected Software 1

seebug.org
added 2014/03/07 12:0 a.m., 25 views

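Adobe PhoneGap Device Resource Restriction Bypass Vulnerability

CVE ID: CVE-2014-1883 Apache PhoneGap is a popular open-source platform for easily building cross-platform mobile applications with HTML5 and JavaScript. Adobe PhoneGap on the Android platform uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows attackers to exploit the vulnerability to bypass device resource restrictions via a specially crafted XMLHttpRequest method and perform malicious operations. 0 Adobe PhoneGap 2.6.0 No detailed solution is currently available: https://cordova.apache.org/...

CVSS 7.5, AI score 6.6, EPSS 0.01318
Exploits 2

Prion
added 2014/03/03 4:50 a.m., 17 views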

Design/Logic Flaw

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest...

CVSS 7.5, AI score 7.2, EPSS 0.02048
Exploits 1, References 5, Affected Software 2

UbuntuCve
added 2014/03/03 4:50 a.m., 25 views

CVE-2014-1884

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest...

CVSS 7.5, AI score 5.9, EPSS 0.02048
Exploits 1, References 2

UbuntuCve
added 2014/03/03 4:50 a.m., 20 views

CVE-2014-1883

Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest...

CVSS 7.5, AI score 6, EPSS 0.01318
Exploits 2, References 2

Cvelist
added 2014/03/03 2:0 a.m., 22 views

CVE-2014-1883

Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest...

AI score 6.5, EPSS 0.01318
Exploits 2, References 6

OpenVAS
added 2014/02/26 12:0 a.m., 18 views

ASUS Router Multiple Vulnerabilities

The host is running ASUS Router and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodasusroutersmultvuln.nasl 6663 2017-07-11 09:58:05Z teissa $ ASUS Router Multiple Vulnerabilities Authors: Antu Sanadi Copyright: Copyright C 2014 SecPod, http://www.secpod.com This...

CVSS 4.3, AI score 0.7, EPSS 0.00407
Exploits 1, References 2

OpenVAS
added 2013/10/23 12:0 a.m., 32 views

Google Chrome Multiple Vulnerabilities-02 (Oct 2013) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 7.5, AI score 6.2, EPSS 0.02705
Exploits 0, References 6

OpenVAS
added 2013/10/23 12:0 a.m., 32 views

Google Chrome Multiple Vulnerabilities-02 (Oct 2013) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 7.5, AI score 6.2, EPSS 0.02705
Exploits 0, References 6

Tenable Nessus
added 2013/10/18 12:0 a.m., 49 views

Google Chrome < 30.0.1599.101 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 30.0.1599.101. It is, therefore, affected by multiple vulnerabilities : - Use-after-free errors exist related to editing, forms, and XmlHttpRequest XHR. CVE-2013-2925, CVE-2013-2926, CVE-2013-2927 - Various, unspecifi...

CVSS 7.5, AI score 7.5, EPSS 0.02705
Exploits 0, References 5

NVD
added 2013/10/16 8:55 p.m., 14 views

CVE-2013-2925

Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object...

CVSS 6.8, AI score 7, EPSS 0.01611
Exploits 0, References 9

Prion
added 2013/10/16 8:55 p.m., 17 views

Design/Logic Flaw

Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object...

CVSS 6.8, AI score 7.6, EPSS 0.01611
Exploits 0, References 9, Affected Software 1

Cvelist
added 2013/10/16 8:0 p.m., 23 views

CVE-2013-2925

Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object...

AI score 6.8, EPSS 0.01611
Exploits 0, References 9

Debian CVE
added 2013/10/16 8:0 p.m., 24 views

CVE-2013-2925

Removed by vendor...

CVSS 6.8, AI score 9.4, EPSS 0.01611
Exploits 0

CVE
added 2013/10/16 8:0 p.m., 78 views

CVE-2013-2925

CVE-2013-2925 is a use-after-free in Blink’s XMLHttpRequest implementation (XMLHttpRequest.cpp) used by Google Chrome before 30.0.1599.101. Connected openSUSE/Nessus entries indicate this issue was addressed via Chromium updates (e.g., 30.0.1599.101 and later 30.0.1599.114) with multiple patches ...

CVSS 6.8, AI score 7, EPSS 0.01611
Exploits 0, References 9, Affected Software 1

OpenVAS
added 2013/09/18 12:0 a.m., 38 views

Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities)

Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through ...

CVSS 10, AI score 1.6, EPSS 0.08973
Exploits 2, References 1