113 matches found
Input validation
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application...
Airmail 3 Exploit Instantly Steals Info from Apple Users
Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message, researchers said. Security...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
Code injection
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
CVE-2017-5384
CVE-2017-5384 : Information disclosure via Proxy Auto-Config (PAC) in Firefox
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
Directory Traversal
intsol-package is vulnerable to directory traversal attacks. This is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...
Directory Traversal
sspa is vulnerable to directory traversal attacks. It is possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...
Adobe Acrobat Pro DC URL Parsing Insufficient Verification of Data Authenticity Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Cisco Expressway Series and Cisco TelePresence Denial of Service Vulnerability
Cisco Expressway Series Software and Cisco TelePresence Video Communication Server VCS Software are both telepresence video communication servers from Cisco that integrate with unified communications and voice communications environments to It can be integrated with unified communications and voi...
CVE-2017-14001
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...
Cisco Ultra Services Framework Information Disclosure Vulnerability
Cisco Ultra Services Framework is an intelligent online service delivery platform from the U.S. company Cisco Cisco. An information disclosure vulnerability exists in the AutoVNF VNFStagingView class in Cisco Ultra Services Framework version 21.0.0, which stems from the program failing to...
Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. The vulnerability is due to insufficient sanity checks...
CVE-2017-5384
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014
MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014 View products that this article applies to. Introduction This security update resolves vulnerabilities that could allow remote code execution if an attacker sends a...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability
A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings. The vulnerability is due to improper sanitization of application programming interface API input. An attacker could exploit this...
CVE-2014-8035
Cisco WebEx Meetings Server’s web framework exposes user enumeration via crafted URL requests. The vulnerability stems from improper sanitization of the returned message, causing different responses depending on whether a username exists. An unauthenticated, remote attacker could enumerate valid ...