2170 matches found
CVE-2017-12362
A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service DoS condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker...
Multiple Cross-Site Scripting Vulnerabilities in TeamPass
TeamPass is a dedicated password manager for Apache, MySQL and PHP. Multiple cross-site scripting vulnerabilities exist in versions of TeamPass prior to 2.1.27.9. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of an item's URL value or user l...
Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37741)
Horde Groupware is an enterprise browser based on the Communication Suite from Horde USA. The browser supports sending and receiving e-mail, managing and sharing calendars, contacts and tasks, and more. A cross-site scripting vulnerability exists in Horde Groupware version 5.2.19. A remote attack...
Mozilla Firefox Cross-Origin URL Information Disclosure Vulnerability
Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A cross-origin URL information disclosure vulnerability exists in Mozilla Firefox versions prior to 57.0. The vulnerability arises because the Resource Timing API incorrectly discloses navigati...
chromium-browser Omnibox Component URL Spoofing Vulnerability
chromium-browser is an open source web browser project started by Google to provide source code for the proprietary Google Chrome browser. A URL spoofing vulnerability exists in the chromium-browser Omnibox component. An attacker could exploit the vulnerability to conduct malicious website URL...
DEBIAN-CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...
CVE-2017-1538
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735...
CVE-2017-12792
Multiple cross-site request forgery CSRF vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 linkname, 2 url, or 3 title parameter in an add action to linksmanage.php...
SQL Injection Vulnerability in the change_store_num Method of WK+shop General Mall System
WK+shop is a mall system based on the technology of PHP+MySQL, developed using ThinkPHP5.0 framework, which combines the Witcott mission system with multiple mall systems. WK+shop general mall system changestorenum method has a SQL injection vulnerability, attackers can construct a specific URL t...
UBUNTU-CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...
The vulnerability of the Apache Tomcat application server’s HTTP/2 implementation allows attackers to bypass security checks.
The vulnerability of the Apache Tomcat application server that implements HTTP/2 exists due to an incorrect path limitation for the directory with restricted access. Exploiting this vulnerability allows a malicious actor to bypass security checks by using a specially crafted URL link...
UBUNTU-CVE-2017-2862
An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability...
UBUNTU-CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
PHP Security Bypass Vulnerability (CNVD-2017-23336)
PHP PHP: HypertextPreprocessor is an open source general-purpose computer scripting language maintained by the PHPGroup and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C and C++. A security vulnerability...
UBUNTU-CVE-2017-5943
Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery CSRF verification tokens via a crafted URL...
Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
openstack-heat: Template source URL allows network port scan
An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services...
Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
Samsung SM-N9005 and SM-G920F Samsung kernel for Android secfilter input validation vulnerability
Samsung kernel for Android on SM-N9005 Note 3 and SM-G920F Galaxy S6 are kernels for Android running in the SM-N9005 Note 3 and SM-G920F Galaxy S6 smartphones from Samsung, South Korea. secfilter is one of the URL resolution filtering plugins. secfilter is a URL parsing and filtering plug-in for...
CVE-2016-5959
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136...