158 matches found
Google Chrome Resource Management Error Vulnerability (CNVD-2022-15136)
Google Chrome is a web browser from Google, Inc. A resource management error vulnerability exists in Google Chrome that could be exploited by attackers to convince users to engage in specific user interactions that could potentially exploit heap corruption via well-designed HTML pages...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which can be exploited by attackers to convince users to engage in specific user interactions to exploit heap corruption via carefully crafted HTML pages...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to a resource management error that could be exploited by attackers to convince users to engage in specific user interactions to exploit heap corruption via carefully designed HTML pages...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which can be exploited by attackers to potentially corrupt the heap through specific user interactions...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
UBUNTU-CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
CVE-2021-22183
Removed by vendor...
U.S. Dept Of Defense: RXSS Via URI Path - https://██████████/
Hello All I Found RXSS in your OWN Website Steps To Reproduce Go to This Link https://██████/Orders/A%22onerror='alert%60xElkomy%60'testabcd/Login.aspx?ReturnUrl=/Orders Browsers I test them on Firefox and Google Chrome. Fix:- Filter input on arrival Encode data on output Use appropriate response...
Unspecified Vulnerability in IBM Resilient
IBM Resilient is a suite of incident response platforms from IBM in the United States. The platform supports functions such as incident response process orchestration and incident management. A security vulnerability exists in IBM Resilient versions 33.x and 34.0 that stems from the program faili...
Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners
UPDATE Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation EFF. Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a...
Microsoft Internet Explorer 11 - XML External Entity Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Internet Explorer v11 latest version...
DEBIAN-CVE-2017-7752
A use-after-free vulnerability during specific user interactions with the input method editor IME in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox 54, Firefox...
APSB18-15 Security update available for the Adobe PhoneGap Push plugin
Adobe has released an update for the Adobe PhoneGap Push plugin. This update resolves a Same-Origin Method Execution SOME vulnerability CVE-2018-4943 that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap...
Truncated dialogs may be used to trick users
When an important dialog is being displayed, such as a download dialog, the entire dialog should be visible, so that the user can clearly see what the dialog's buttons will do. In some cases, specific user interactions can cause Opera not to enforce this correctly, allowing the window to become...
A combination of clicks and key presses can lead to cross site scripting or code execution – Opera Security Advisories
When a user double clicks on a page, they may expect the two clicks to target the same object. If a page uses the first click to open a pop-up window in a predictable location, the second click may focus parts of the new window, such as its address field. If the page can then convince the user to...