CVE-2022-29281
Notable (Notable-insiders) contains a vulnerability tracked as CVE-2022-29281, affecting versions prior to 1.9.0-beta.8. The issue stems from improper validation of the file URI scheme, allowing executable files to be opened when clicking a link and potentially enabling UNC/SMB path abuse. Impact...
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File
Description Formula Injection/CSV Injection in "Firstname" & "Lastname" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept 1. Go to Preferences from the user account and, under Personal info, insert the payloads below into "Firstname" & "Lastname". 2. Payloads:...
Microsoft Outlook for Mac Hyperlink UI Misrepresentation Vulnerability
This vulnerability allows remote attackers to disguise the target of hyperlinks on affected installations of Microsoft Outlook for Mac. User interaction is required to exploit this vulnerability in that the target must view a malicious email. The specific flaw exists within the rendering of HTML ...
WordPress G Auto-Hyperlink Plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress G Auto-Hyperlink plugin in version 1.0.1 and earlier,...
CVE-2021-24627
The CVE-2021-24627 entry concerns the WordPress plugin G Auto-Hyperlink (versions up to 1.0.1). The vulnerability arises from insufficient sanitization/escaping of the id GET parameter, which is interpolated into a SQL statement used to fetch data for the admin dashboard. This yields an authentic...
WordPress SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress G Auto-Hyperlink plugin in version 1.0.1 and earlier,...
WordPress G Auto-Hyperlink plugin <= 1.0.1 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress G Auto-Hyperlink plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...
G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection
The plugin does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection. https://plugins.trac.wordpress.org/browser/g-auto-hyperlink/trunk/g-auto-hyperlink.php#L271 Open the...
Cross-site Scripting in Froala Editor
Froala Editor 3.2.6 is affected by Cross Site Scripting XSS. Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting XSS vulnerability within the hyperlink creation module...
GHSA-CQ6W-W5RJ-P9X8 Cross-site Scripting in Froala Editor
Froala Editor 3.2.6 is affected by Cross Site Scripting XSS. Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting XSS vulnerability within the hyperlink creation module...
Vulnerability fixed in OpenVPN Access Server
The vulnerability gives an unauthenticated malicious actor the opportunity to execute arbitrary code in the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyperlink. OpenVPN has released updates to fix the vulnerability. More information can b...
Fixed vulnerability in Big-IP Access Policy Manager (APM).
The vulnerability gives an unauthenticated malicious actor the opportunity to execute arbitrary code in the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyperlink. BIG-IP has released updates to fix the vulnerability. More information can be...
Code Injection in jerrod-lankford/google-voice-desktop-app
✍️ Description Attackers can execute malicious code on users' computers using Google Voice Desktop App, provided that users click on a malicious hyperlink in the app itself. 🕵️♂️ Proof of Concept 1. Host the following index.html on a web server: `require('child_process').exec('calc');` 2. Users who click on...
CVE-2021-35239
A security researcher found a user with Orion map manage rights could store XSS via a text box hyperlink...
Design/Logic Flaw
A security researcher found a user with Orion map manage rights could store XSS via a text box hyperlink...
CVE-2021-35239 Stored XSS in Maps text box hyperlink Vulnerability
A security researcher found a user with Orion map manage rights could store XSS via a text box hyperlink...
The vulnerability in Schneider Electric's Modbus Serial Driver for programmable logic controllers is related to errors in processing hypertext links, allowing an attacker to overwrite files in the file system.
The vulnerability in Schneider Electric's Modbus Serial Driver relates to errors in processing hypertext links. Exploiting this vulnerability could allow an attacker to overwrite files in the file system...
The vulnerability in the Moodle administration system, related to errors in processing hypertext links, allows an attacker to bypass security measures.
The vulnerability in the Moodle administration system is related to errors in processing hypertext links. Exploiting this vulnerability could allow a malicious actor to bypass security features remotely...
Security Bulletin: i2 Analyse and Analyst's Notebook Premium have hyperlink clicking vulnerability (CVE-2021-29770)
Summary IBM i2 Analyse and Analyst's Notebook Premium are vulnerable to malicious hyperlinks in certain data fields Vulnerability Details CVEID: CVE-2021-29770 DESCRIPTION: IBM i2 Analyst's Notebook Premium could allow an authenticated user to perform unauthorized actions due to hazardous input...