2156 matches found
The vulnerability of the Firefox browser allows a hacker to bypass existing access restrictions and alter the location.host property.
The vulnerability of Firefox browsers is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and alter the location.host property using unreliable URL data...
CVE-2016-2872
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL...
CVE-2016-0400
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...
IBM WebSphere Application Server HTTP Response Vulnerability
IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. There is a security vulnerability in IBM WAS. A remote...
UBUNTU-CVE-2016-1864
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL...
Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04089)
Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...
Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to obtain confidential information
The vulnerability of the CFNetwork Proxies subsystem in iOS and Mac OS X systems exists due to incorrect URL addresses in http and https requests. Exploiting this vulnerability can allow a malicious actor to obtain confidential information remotely...
tomcat: directory disclosure
It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that...
The vulnerability of Google Chrome browser allows a hacker to manipulate the URL string.
The vulnerability of the WebContentsImpl::FocusLocationBarByDefault function content/browser/webcontents/webcontentsimpl.cc in the Google Chrome browser exists due to improper handling of calls to certain empty pages. Exploiting this vulnerability can allow a malicious actor to manipulate the URL...
Apache Cordova iOS Malicious Resource Loading Vulnerability
Apache Cordova iOS is a platform for developing iOS-based mobile applications using HTML, CSS and JavaScript, and is the core engine that drives PhoneGap. A security vulnerability exists in Apache Cordova iOS that allows remote attackers to load malicious resources by exploiting a method that can...
The vulnerabilities of the data backup and application protection tools IBM Spectrum Protect Snapshot, as well as the virtual machine protection tools IBM Spectrum Protect for Virtual Environments, allow attackers to enhance their privileges.
The vulnerability of the Data Protection component in data backup and application solutions from IBM Spectrum Protect Snapshot, as well as in virtual machine protection solutions from IBM Spectrum Protect for Virtual Environments, is related to deficiencies in access control. Exploiting this...
Drupal Core double-encoded 'destination' parameter open redirect vulnerability
Drupal is a free and open source content management system developed in PHP. An open redirection vulnerability exists in the Drupal Core double encoding of the 'destination' parameter.The Drupal 6 'drupalgoto' function fails to correctly decode the content of $REQUEST'destination' when used,...
CVE-2016-1314
Cross-site scripting XSS vulnerability in Cisco Unified Communications Domain Manager CDM 8.11 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760...
The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to inject any Web or HTML code.
The vulnerability of the application interface of the IBM WebSphere Portal servers exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted URL...
The vulnerability of the Moodle learning management system allows a hacker to replace a user during a session.
The vulnerability of the admin/registration/register.php function in the Moodle learning management system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to replace a user during a session by sending a request that sends statistics to...
The vulnerability of the Moodle learning management system allows a hacker to bypass existing access restrictions.
The vulnerability of the Moodle learning management system’s module selection involves deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions by visiting a specific URL to add or delete answers in a closed state...
IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2016-01424)
IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects an organization internally and externally, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability exists in...
Swann SRNVW-470LCD and SWNVW-470CAM License Issue Vulnerability
The Swann SRNVW-470LCD and SWNVW-470CAM are both wireless HD surveillance systems from Swann Australia. An authorization issue vulnerability exists in the Swann SRNVW-470LCD and SWNVW-470CAM, which allows remote attackers to view live video streams by accessing an unspecified URL...
The vulnerability of the Internet Explorer browser, which allows a violator to obtain confidential information
The vulnerability of the Hyperlink Object Library component in Internet Explorer is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to obtain confidential information through a specially crafted URL in an email message or Office docume...
Microsoft Visual Studio Cross-Site Request Forgery Vulnerability
Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation, USA. A cross-site request forgery vulnerability exists in Microsoft Visual Studio that allows remote attackers to construct malicious URIs, trick users into parsing them, which can be targeted to perform...