24 matches found
CVE-2018-19516
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...
Cross site scripting
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...
Design/Logic Flaw
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference : 1999965...
DLL Hijacking Exploit Code Posted for PowerPoint, Other Apps
A day after Microsoft released information on the remotely exploitable DLL-hijacking vulnerability that affects dozens of Windows applications, researchers are starting to discover exactly which pieces of software are vulnerable. The list so far includes PowerPoint, Wireshark and some application...