Open redirect
Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
CVE-2015-3370
CVE-2015-3370 — Drupal Node Invite CSRF: A CSRF in the Drupal Node Invite module (6.x prior to 6.x-2.5) allows remote attackers to hijack the authentication of users who have the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors. Affe...
CVE-2015-3372
The Drupal Node Invite module (6.x) is vulnerable prior to 6.x-2.5: an XSS flaw allows remote authenticated users to inject script/HTML via a node title. Additional issues include CSRF exposure and an open redirect vulnerability. Affected versions: Node Invite 6.x-2.x before 6.x-2.5; Drupal core ...
CVE-2015-3370
Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors...
CVE-2015-3372
Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3371
The CVE-2015-3371 Open Redirect vulnerability affects the Drupal Node Invite module up to 6.x-2.x, specifically versions prior to 6.x-2.5. The issue arises from the destination parameter, allowing remote attackers to redirect users to arbitrary websites, enabling phishing. Affected component: Nod...
Cisco Unity Connection Multiple Remote DoS (cisco-sa-20150401-cuc)
The version of Cisco Unity Connection installed on the remote host is 8.5 prior to 8.51SU7 / 8.6 prior to 8.62aSU4 / 9.x prior to 9.12SU2 / 10.x prior to 10.01SU1. It is, therefore, affected by multiple denial of service vulnerabilities: - A denial of service vulnerability exists in the Connecti...
Cisco Unity Connection SIP Trunk Integration Tailored INVITE Message Denial of Service Vulnerability (CNVD-2015-02212)
Cisco Unity Connection is a feature-rich voice messaging platform that uses the Linux Unified Communications operating system. A security vulnerability exists in the Connection Conversation Manager (CuCsMgr) process of Cisco Unity Connection. It allows an unauthenticated, remote attacker to cause a...
Design/Logic Flaw
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.51SU7, 8.6 before 8.62aSU4, 9.x before 9.12SU2, and 10.0 before 10.01SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SI...
CVE-2015-0613
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.51SU7, 8.6 before 8.62aSU4, 9.x before 9.12SU2, and 10.0 before 10.01SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SI...
Cisco Unity Connection SIP Trunk Integration Tailored INVITE Message Denial of Service Vulnerability (CNVD-2015-02193)
Cisco Unity Connection is a feature-rich voice messaging platform that uses the Linux Unified Communications operating system. A security vulnerability exists in the Connection Conversation Manager (CuCsMgr) process of Cisco Unity Connection. An unauthenticated, remote attacker could trigger a...
Colloquy IRC Channel Invite Format String Denial of Service - Ver2 (CVE-2007-0344)
A denial-of-service vulnerability has been reported in Colloquy. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Dropbox Acquisitions: Privilege Escalation at invite feature @hackpad.com
Hey! I would like to report Privilege Escalation @hackpad.com's Invite feature. Description: Hackpad allows admin of the workspace to add/invite users for admin/member/guest etc. roles. I am able to grant that access to anyone with just one click. Attack Scenario: Let's say you have workspace...
Nearby Live: Group Invite not properly authenticated
There is no check whether the inviting user is allowed to invite a user into a group, and through manipulation a user may send themselves an invite to any group. Example: Group A created by User 1 with Owner invitation only, with ID x. User 2 sends himself a malicious invite with ID x and receives invi...
SA-CONTRIB-2015-032 - Node Invite - Multiple vulnerabilities
Node Invite module enables you to invite people to RSVP on node types that have been configured to represent events. The module doesn't sufficiently sanitize the titles of nodes in some listings, allowing a malicious user to inject code, thereby leading to a Cross Site Scripting (XSS) vulnerability...
Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability
A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings. The vulnerability is due to improper sanitization of application programming interface (API) input. An attacker could exploit this...
Unspecified Vulnerability in Cisco WebEx Meetings Server
Cisco WebEx Meetings are web conferencing solutions. The outlookpa component in Cisco WebEx Meetings Server fails to properly validate API inputs, allowing a remote attacker to modify the invitation list for a meeting via a carefully constructed URL...
CVE-2014-8036
The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254...
Authentication flaw
The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254...
Asterisk PJSIP Multiple Vulnerabilities (AST-2014-013 / AST-2014-015 / AST-2014-016)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities in the PJSIP channel driver: - A security bypass vulnerability exists due to a flaw in the 'res_pjsip_acl' module which may allow a remote attacke...