140 matches found
Sql injection
SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...
CVE-2022-47072
SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...
CVE-2022-47072
CVE-2022-47072 affects Sparx Systems Enterprise Architect 16.0.1605 (32-bit). The vulnerability is a SQL injection in the Find parameter of the Select Classifier dialog box, enabling execution of arbitrary SQL commands. Root cause: unsafely handling user-controlled input in the dialog’s Find para...
Input validation
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...
CVE-2023-21260
In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation...
Open redirect
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...
Open redirect
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker which can then be used to open an unprivileged command prompt...
Design/Logic Flaw
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...
CVE-2021-30586
Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CKEditor4 authentication vulnerability
An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the "Dialog Box" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the...
CKEditor 资源管理错误漏洞
An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the "Dialog Box" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the...
Mozilla Firefox has an unspecified vulnerability (CNVD-2021-101164)
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable due to an unusual sequence of events controlled by an attacker, and alert can therefore display arbitrary albeit unstyled content on top of an uncontrolled page of the attacker's choice...
PortlandLabs Concrete CMS Cross-Site Request Forgery Vulnerability (CNVD-2021-76080)
PortlandLabs Concrete Cms is a team-oriented open source content management system for the United States PortlandLabs . A cross-site request forgery vulnerability exists in PortlandLabs Concrete CMS, which stems from a failure to validate CCM tokens when adding a save endpoint to the product's...
CVE-2021-30586
Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30586
Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30586
Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30586
Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30586
CVE-2021-30586 is a use-after-free vulnerability in Chrome’s dialog-box handling on Windows, affecting Chrome versions before 92.0.4515.107. A remote attacker could exploit this by convincing a user to install a malicious extension and by presenting a crafted HTML page, potentially triggering hea...
CVE-2021-30586
Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
Remote Code Execution (RCE)
chromium is vulnerable to remote code execution. The vulnerability exists due to a use after free in the dialog box handling on Windows component of the Chromium...