42 matches found
CVE-2023-31225
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability...
CVE-2023-31225
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability...
CVE-2023-29187 DLL Hijacking vulnerability in SapSetup (Software Installation Program)
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup Software Installation Program - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the...
The vulnerability in the implementation of the GOT Mobile function in the software for graphic control panels from Mitsubishi Electric’s GOT2000 series, models GT27 and GT25, as well as the HMI platform GT SoftGOT2000, allows a attacker to carry out a “click hijacking” attack.
The vulnerability of the GOT Mobile function implementation in Mitsubishi Electric’s GOT2000 series graphic control panels, models GT27 and GT25, as well as the HMI platform GT SoftGOT2000, is related to an incorrect limitation on the layers or frames that can be displayed in the user interface...
CVE-2022-4457
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's...
CVE-2022-37173
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe...
The vulnerability of the Apache HTTP Server’s web server, related to HTTP request processing flaws, allows attackers to execute the “HTTP request hijacking” attack.
The vulnerability of the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...
Raonwiz K Upload code issue vulnerability
Raonwiz K Upload is a file transfer component from Raonwiz Korea.Raonwiz K Editor v2018.0.0.10 contains a security vulnerability that allows an attacker to perform a DLL hijacking attack on service or system restart...
CVE-2020-26155
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in...
Input validation
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect client. This...
CVE-2020-5419
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking...
Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for JSON Hijacking Attack (CVE-2013-3041)
Summary A JSON Hijacking Attack vulnerability exists in IBM Rational ClearQuest Web Client. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your IBM ID ---|--- CVE ID:...
CVE-2018-6562
The CVE-2018-6562 entry concerns totemomail Encryption Gateway prior to 6.0_b567, where a JSONP hijacking vulnerability allows remote attackers to obtain sensitive information about user sessions and encryption key material. Public sources describe this as a remote, web-facing information-disclos...
CVE-2018-6306
The CVE-2018-6306 entry concerns Kaspersky Password Manager DLL hijacking. Multiple connected documents confirm: the vulnerability arises from insecure loading of dynamic link libraries, enabling Unauthorized code execution. Affected product: Kaspersky Password Manager versions before 8.0.6.538 (...
CVE-2018-6306
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538...
CVE-2015-7264
Facebook Proxygen’s SPDY/2 codec contains a vulnerability (CVE-2015-7264) in versions prior to 2015-11-09 where a field is truncated to two bytes, enabling hijacking and injection attacks over the network. The issue affects the SPDY/2 handling within Proxygen; exploitation is described as enablin...
CVE-2016-9697
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference : 1999960...
CVE-2016-9697
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference : 1999960...
Operators issued a large number of routers to contain high-risk vulnerabilities, most of the“problem router”IP in China-vulnerability warning-the black bar safety net
! According to statistics, the global operators to the General Public of Internet users has issued at least 7 0 million ADSL Router, but unfortunately, these routers exist high-risk vulnerabilities, and thus is likely to cause large-scale router attacks. It is worth mentioning that most of...
CVE-2013-3041
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."...