163 matches found
CVE-2021-21866
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigge...
Rockstar Games: Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication
In this report, the researcher identified a potential weakness in Rockstar Games Launcher that caused the application to retain profile data on the local machine, even after the application was uninstalled. This included auto sign-in flags, resulting in automatic sign-ins when reinstalling Rockst...
3s-smart Software Solutions CODESYS Development System代码问题漏洞
3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3S-Smart Software Solutions 3s-smart Software Solutions, Germany. A code issue vulnerability exists in the ObjectManager.plugin...
TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers
Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked...
Millions of Social Profiles Leaked by Chinese Data-Scrapers
More than 400GB of public and private profile data for 214 million social-media users from around the world has been exposed to the internet – including details for celebrities and social-media influencers in the U.S. and elsewhere. The leak stems from a misconfigured ElasticSearch database owned...
GitLab Information Disclosure Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab that originates...
CVE-2020-0419
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-1523
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
CVE-2020-1523
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
CVE-2020-1440
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
CVE-2020-1440
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
Code injection
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
Code injection
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
Microsoft SharePoint Server Tampering Vulnerability
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...
Microsoft SharePoint Server Tampering Vulnerability
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
Microsoft SharePoint Server Tampering Vulnerability
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
PT-2020-4034 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to insufficie...
PT-2020-4036 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A tampering issue exists due to...
OPENSUSE-SU-2020:1042-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 bsc1173948 MFSA-2020-0003 bmo1644076 X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR Fixed: Security fix Fixed: Fixed an accessibility regression in...
PT-2020-20579 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.5 Description: The issue allows malicious users with a valid Silverstripe CMS login to craft profile information, leading to cross-site scripting XSS for other users through specially crafted login form URLs...