Design Vulnerability in YoMail Email Client of Shanghai Wulong Information Technology Co.
YoMail is a lightweight email client. A design vulnerability exists in the YoMail email client of Shanghai Wuji Information Technology Co. Ltd, which allows an attacker to execute JavaScript code by sending a payload...
Slack: Open Redirect on slack.com
Hi, my report has two interesting parts here. First ====== In this report 104087 the attacker uploads an svg file to execute JavaScript and redirect to any domain. I have found a new way to execute full html files on the victim's machine instead of downloading them by adding a bunch of binary chars before...
Adobe Acrobat Reader DC Restriction Bypass Vulnerability (CNVD-2016-03132)
Adobe Acrobat Reader DC is a set of tools from the US company Adobe for viewing, printing and annotating PDF files. A security vulnerability exists in Adobe Acrobat Reader DC that allows an attacker to bypass restrictions on JavaScript API execution...
Google Chrome Javascript Execution Vulnerability
Google Chrome is a popular web browser. A JavaScript execution vulnerability exists in Google Chrome's handling of the default search engine. An attacker is able to manipulate the master_preferences file on the victim's machine...
Snapchat: XSS found on Snapchat website
Hi Snapchat Team, I've found a reflected XSS vulnerability on this page: https://www.snapchat.com/add/snapchat Example: https://www.snapchat.com/add/%22%3E%3Ch1%3EXSS%3C%2Fh1%3E Note: you should visit the page with a mobile user-agent since the server displays different information based on the...
Anti-Malware Security & Brute-Force Firewall <= 4.15.42 - XSS & CSRF
The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by an XSS & CSRF security vulnerability. PoC: an XSS vulnerability in https://wordpress.org/plugins/gotmls/ has been identified. While I was scanning a site with that plugin, I had a file named '".png and it was skipped, but the result...
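The Snapchat report (a `/add/` path segment echoed into the page) and the gotmls report (a file name echoed into a scan result) share one root cause: attacker-controlled text interpolated into HTML without escaping. The following Python is an added example, not code from Snapchat, the gotmls plugin or either reporter. The link-shaped template and the two check functions are hypothetical, and the inputs are constructed from the payloads quoted in the two reports.

```python
import html
import re
import urllib.parse

# Constructed inputs taken from the two reports above (nothing is fetched from either site):
# the URL-decoded Snapchat path segment and the file name from the gotmls scan.
SNAPCHAT_SEGMENT = urllib.parse.unquote("%22%3E%3Ch1%3EXSS%3C%2Fh1%3E")  # '"><h1>XSS</h1>'
GOTMLS_FILENAME = "'\".png"

# Hypothetical template: the server echoes the value inside a quoted href attribute.
# Neither site's real markup is known; this only models the attribute context.
TEMPLATE = '<a href="/add/{value}" class="profile">Add friend</a>'


def render_vulnerable(value: str) -> str:
    """Vulnerable pattern: raw string interpolation into an HTML attribute."""
    return TEMPLATE.format(value=value)


def render_hardened(value: str) -> str:
    """Hardened pattern: escape for the attribute context before interpolating.

    quote=True makes html.escape rewrite both " and ' in addition to & < >,
    which is what keeps the value inside the quoted attribute."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


_TAG = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)")


def injected_tags(markup: str) -> list[str]:
    """Tag names in the markup that the template itself never emits.

    The template emits exactly one <a> element, so any other tag name is
    attacker-controlled markup that a browser would interpret."""
    return [t.lower() for t in _TAG.findall(markup) if t.lower() != "a"]


def attribute_values(markup: str) -> list[str]:
    """Quoted attribute values as a browser would decode them.

    Shows where the attribute actually ends: in the vulnerable render the
    file name's own double quote closes href early and the remainder lands
    in tag context, where an attacker can add attributes of their own."""
    return [html.unescape(v) for v in re.findall(r'="([^"]*)"', markup)]


if __name__ == "__main__":
    for name, value in (("snapchat", SNAPCHAT_SEGMENT), ("gotmls", GOTMLS_FILENAME)):
        for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
            markup = render(value)
            print(f"{name} {label:10} -> {markup}")
            print(f"{'':11} injected tags: {injected_tags(markup)}")
            print(f"{'':11} attribute values: {attribute_values(markup)}")
```

The hardened render still decodes to the original text in the browser (`attribute_values` shows `/add/'".png` intact), so escaping costs no functionality; it only fixes the context the text lands in.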
Veris: Security Vulnerability - SMTP protection not used
Hi, I was checking your website and found an SPF record there. You should apply a strict SMTP policy to stop spoofed emails being sent from your domain. An attacker would send a fake email from [email protected] saying "Please change your password". The victim is aware of phishing attacks, but when he sees...
Xymon HTML Injection Vulnerability
Xymon is an open-source, cross-platform network monitoring application. The operational status of each monitored server can be viewed through its web interface, and it supports email and SMS notifications. There is an HTML injection vulnerability in Xymon. This vulnerability can be...
Vulnerabilities in the PDF editors Adobe Acrobat and Adobe Acrobat Document Cloud and in the PDF viewers Adobe Reader and Adobe Reader Document Cloud allow attackers to bypass JavaScript restrictions.
A vulnerability in the CBSharedReviewStatusDialog method of the PDF editors Adobe Acrobat and Adobe Acrobat Document Cloud and of the PDF viewers Adobe Reader and Adobe Reader Document Cloud is caused by insufficient access control on certain functions...
Vulnerabilities in the PDF editors Adobe Acrobat and Adobe Acrobat Document Cloud and in the PDF viewers Adobe Reader and Adobe Reader Document Cloud allow attackers to bypass JavaScript restrictions.
A vulnerability in the CBBBRInvite method of the PDF editors Adobe Acrobat and Adobe Acrobat Document Cloud and of the PDF viewers Adobe Reader and Adobe Reader Document Cloud is caused by insufficient access control on certain functions. Exploiting this...
Vulnerabilities in the PDF editors Adobe Acrobat and Adobe Acrobat Document Cloud and in the PDF viewers Adobe Reader and Adobe Reader Document Cloud allow attackers to bypass JavaScript restrictions.
A vulnerability in the ANSendForBrowserReview method of the PDF editors Adobe Acrobat and Adobe Acrobat Document Cloud and of the PDF viewers Adobe Reader and Adobe Reader Document Cloud is caused by insufficient access control on certain functions. Exploiting...
Reflected Cross-Site Scripting (XSS) in iTop
Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23, 2015...
Adobe Acrobat/Reader Javascript API Execution Bypass Vulnerability (CNVD-2015-06690)
Adobe Reader/Acrobat is a popular application for working with PDF files. A JavaScript API execution restriction bypass vulnerability exists in Adobe Reader/Acrobat. An attacker can construct a malicious PDF file and trick the user into opening it, bypassing the restrictions on JavaScript API execution...
Design/Logic Flaw
The CBSharedReviewCloseDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript A...
IPython Notebook Arbitrary Code Execution Vulnerability
IPython is an enhanced interactive Python shell developed by the IPython team; Notebook is its browser-based development environment. An arbitrary code execution vulnerability exists in IPython Notebook versions prior to 3.2.2 and Jupyter Notebook versions 4.0.x prior to 4.0.5...
Mozilla Firefox Arbitrary Code Execution Vulnerability (CNVD-2015-04353)
Mozilla Firefox is a web browser released by Mozilla. A security vulnerability exists in Mozilla Firefox version 38.0 and Firefox ESR version 38.0, which can be exploited by remote attackers to read arbitrary files or execute arbitrary JavaScript code via a crafted website...
UBUNTU-CVE-2015-2727
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...
Microsoft Active Directory Federation Services CVE-2015-1757 Privilege Escalation Vulnerability
Description Microsoft Active Directory Federation Services is prone to a remote privilege-escalation vulnerability because it fails to sanitize user-supplied input. An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions in the context of the currently...
CVE-2015-3074
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064,...
mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages
A flaw was found in the way the mod_cluster manager processed certain MCMP messages. An attacker with access to a network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the mod_cluster manager web interface...