98 matches found
CVE-2023-24597
OX App Suite before frontend 7.10.6-rev24 is affected by a vulnerability that allows loading an email messages remote resources during printing without user consent. Root cause: loading remote resources in the print flow (no user interaction). Impact: potential information exposure (confidential...
CVE-2023-25621
Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or...
SUSE CVE-2013-2873
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources...
SUSE CVE-2016-5173
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...
Mozilla: Leaking browser history with CSS variables
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox behaving slightly differently for already known resources when loading CSS resources involving CSS variables. This flaw could probe the browser history...
CVE-2022-26889
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page e.g., HTML Injection, XSS or bypass SPL safeguards for risky commands. The attack...
CVE-2021-20066
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...
PT-2021-13744 · Jsdom · Jsdom
Name of the Vulnerable Software and Affected Versions: JSDom affected versions not specified Description: JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. Recommendations: At the moment...
GitHub Security Lab: Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks
This bug was reported directly to GitHub Security Lab...
Windows Inject Reflective PE Files, Windows x64 Reverse Named Pipe (SMB) Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject Reflective PE Files, Windows x64 Reverse TCP Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject Reflective PE Files, Windows x64 IPv6 Bind TCP Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Reverse Ordinal TCP Stager (No NX or Win7)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Hidden Bind TCP Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Bind TCP Stager (No NX or Win7)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Bind IPv6 TCP Stager (Windows x86)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Windows x86 Reverse Named Pipe (SMB) Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...