72 matches found
SUSE CVE-2009-1839
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...
SUSE CVE-2015-3755
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL...
SUSE CVE-2017-17523
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...
GHSA-FJ26-Q4VH-85F6 MoinMoin Cross-site Scripting (XSS) vulnerability
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component...
CVE-2022-22182
A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12....
CVE-2022-25221
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code...
chromium-browser: CSP bypass with blob URL
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page...
DEBIAN-CVE-2018-19142
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL...
Cisco WebEx Meetings Server Denial of Service Vulnerability (CNVD-2018-14207)
Cisco Webex Meetings Suite sites, Webex Meetings Online sites, and Webex Meetings Server are all versatile video conferencing solutions from Cisco. Webex Network Recording Player Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) is one of the media...
Multiple IBM Product Clickjacking Vulnerabilities
IBM InfoSphere DataStage and InfoSphere Information Server on Cloud are both products of IBM USA. The former is a graphical ETL (data extraction, transformation and loading) tool that provides data integration solutions; the latter is a cloud-based data integration platform. A...
Phishing URL Attack Attempt
Phishing URL attack attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity. The attacker uses embedded redirection links in order to gain the victim's account information...
CVE-2016-4782
Lenovo SHAREit before 3.5.98ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."...
Code injection
Lenovo SHAREit before 3.5.98ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."...
CVE-2016-4782
The connected Lenovo advisory confirms CVE-2016-4782 affects SHAREit for Android versions older than 3.5.98_ww on devices running Android
Apple iOS Messages Information Disclosure Vulnerability (CNVD-2016-01875)
Apple iOS is an operating system for mobile devices developed by Apple Inc. Messages is a component of the application used to send text, photos and videos. A security vulnerability exists in Messages in Apple iOS versions prior to 9.3, which stems from the program failing to determine that an...
WordPress Cforms Plugin 14.7 - Remote Code Execution
The Cforms plugin is prone to a remote code execution vulnerability because the script does not check remotely cached files properly. Also, it can attack URL. Solution: Upgrade the plugin...
PHP vulnerability full solution - vulnerability warning - the black bar safety net
PHP web page security issues. PHP websites are mainly exposed to the following types of attacks: 1. Command injection 2. Eval injection 3. Client-side scripting attacks (script insertion) 4. Cross-site scripting (XSS) attacks 5. SQL injection attacks...
CVE-2002-2230
CVE-2002-2230 describes an XSS vulnerability in Ikonboard 3.1.1 where remote attackers can inject arbitrary script via a private message containing a javascript: URL in an IMG tag, with the URL ending in ".gif" or ".jpg". The connected Red Hat CVE entry confirms this issue as a cross-site scripti...
CVE-2006-1061
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path...