398 matches found
Pushwoosh: Spoof Email with Hyperlink Injection via Invites functionality
Email Spoofing via hyperlink injection. Design Issue, Missing Best Practice, Low severity...
Apache OpenMeetings Event Description Cross-Site Scripting (CVE-2016-2163)
A cross-site scripting vulnerability has been reported in the event handling component of Apache OpenMeetings. The vulnerability is due to insufficient validation of input for event descriptions. A remote, authenticated attacker could exploit this vulnerability by scheduling an event with a craft...
New Relic: Hyperlink Injection on adding active users
@japz discovered an issue with how some email clients render text. This issue was determined to be very low or no risk and was subsequently removed from our program's scope...
Algolia: Hyperlink Injection in Friend Invitation Emails
Description A user can change their last name to a URL in order to send email invitations containing malicious hyperlinks. Steps to Reproduce 1. Create a new Algolia account with the last name http://example.com. 2. Navigate to My Account Referral 3. Send an invitation to an email address that y...
Instacart: Hyperlink Injection in Friend Invitation Emails
Description A user can change their name to a URL in order to send email invitations containing malicious hyperlinks. Steps to Reproduce 1. Create a new Instacart account with the first name http://example.com 2. Navigate to https://www.instacart.com/store/referrals 3. Send an email invitation to...
WebSphere Application Server vulnerability that allows attackers to inject arbitrary HTTP headers
A vulnerability in WebSphere Application Server exists because CRLF (carriage return and line feed) sequences are not neutralized. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTTP headers using a specially crafted URL...
Gratipay: User Supplied links on profile page is not validated and redirected via gratipay.
User Supplied links on profile page is not validated and redirected via gratipay. Description: The user profiles on gratipay have a profile statement section which is supported by markdown. An adversary can update the profile section with a hyperlink URL ...
Uber: Active Email Hyperlink Sent on riders.uber.com
On riders.uber.com when the rider changes their information an email will be sent to their email informing them a change has been made on their rider account. The rider can change their first name to anything within 45 characters and once the change has been made they can add an email to their...
Internet Explorer browser vulnerability that allows an attacker to obtain confidential information
A vulnerability in the Hyperlink Object Library component of Internet Explorer is related to insufficient protection of service data. Exploiting this vulnerability can allow a malicious actor to obtain confidential information through a specially crafted URL in an email message or Office docume...
CVE-2016-0059
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."...
Information disclosure
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."...
CVE-2016-0059
CVE-2016-0059 affects Microsoft Internet Explorer (Hyperlink Object Library) and enables information disclosure from process memory when a user clicks a crafted URL in an email or Office document. Affected products include IE 9–11; root cause is improper handling of memory objects in the Hyperlin...
CVE-2016-0059
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."...
Microsoft Internet Explorer Information Disclosure (MS16-009: CVE-2016-0059)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Hyperlink Object Library discloses the contents of its memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Suspicious Hyperlink Mail Phishing Attempt
A common phishing method used in malspam campaigns is to place hyperlinks inside a seemingly valid message in order to direct the victim to a designated website controlled by the attacker or to make the user download malware such as Hancitor/Pony...
Firefox < 36 Multiple Vulnerabilities
The version of Firefox installed on the remote Windows host is prior to 36.0. It is, therefore, affected by the following vulnerabilities: - An issue exists that allows whitelisted Mozilla domains to make 'UITour' API calls while UI Tour pages are present in background tabs. This allows an...
CVE-2014-9212
Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section...
CVE-2014-9212
Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section...
AOL Instant Messenger 4.x Hyperlink Denial of Service Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/4244/info AOL Instant Messenger (AIM) is a real-time messaging service. The AIM client runs on Microsoft Windows operating systems. It is possible to crash the AIM client by sending a specially formatted hyper-link to a use...