2170 matches found
OpenJDK: URL deserialization inconsistencies (Networking, 8059054)
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking...
CVE-2016-0032
Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."...
Vulnerability of Firefox and Firefox ESR browsers, which allows hackers to circumvent existing access restrictions policies
The vulnerability of Firefox and Firefox ESR browsers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions by using specially crafted data and URL schemes...
tomcat: URL Normalization issue
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...
Apple iOS URL Forgery Vulnerability
Apple iOS is an operating system developed by Apple for use in cell phones and other devices. A security vulnerability exists in Apple iOS that allows attackers to exploit a vulnerability to build malicious web pages that can be spoofed URLs by tricking users into parsing them...
Apache Cordova vulnerable to improper application of whitelist restrictions
Overview Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. Android applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Muneaki Nishimura of Sony Digita...
Newphoria applican framework cross-site scripting vulnerability
Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. A cross-site scripting vulnerability exists in the runtime engine of Newphoria applican framework 1.12.6 and earlier for Android and Newphoria...
Cisco Unified Computing System (5b)A on blade servers information disclosure vulnerability
Cisco Unified Computing System is the U.S. Cisco Cisco company's a set of computing, virtualization and networking in one platform. An information disclosure vulnerability exists in Cisco Unified Computing System 2.25bA on blade servers. This allows remote attackers to obtain potentially sensitiv...
UBUNTU-CVE-2015-7195
The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect...
TIBCO Spotfire Server Information Disclosure Vulnerability (CNVD-2015-07301)
TIBCO Spotfire Server is based on TIBCO Spotfire data analysis and mining tools of TIBCO Software Inc. of the United States to provide integration, operation and management of the platform for the enterprise. TIBCO Spotfire Server versions 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5....
IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management Cross-Site Scripting Vulnerability
IBM Emptoris Strategic Supply Management Platform is a strategic supply management solution from IBM that helps organizations maximize cost savings, improve supplier performance and reduce risk. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management Platform and...
The vulnerability of the iOS operating system allows a hacker to replace the content of web pages.
The vulnerability of the Safari browser’s user interface on the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace a web page by changing its URL address...
The vulnerability of the iOS operating system allows a hacker to replace the content of web pages.
The vulnerability of the Safari browser’s user interface on the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace a web page by changing its URL address...
Newphoria applican framework authentication bypass vulnerability
Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. An authentication bypass vulnerability exists in Newphoria applican framework. This allows attackers to bypass the whitelist.xml URL whitelist...
The vulnerabilities of Microsoft Lync Server and Skype for Business Server allow attackers to inject arbitrary web or HTML code.
The vulnerability of the jQuery server messaging components in Microsoft Lync Server and Skype for Business Server exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code through a special...
Belkin N600 DB Wireless Dual Band N+ Cross-Site Request Forgery Vulnerability
Belkin N600 DB Wireless Dual Band N+ is a wireless dual band router product from Belkin USA. The Belkin N600 DB Wireless Dual Band N+ suffers from a cross-site request forgery vulnerability that allows a remote attacker to construct a malicious URI, trick the user into parsing it, and perform...
NTT Broadband Platform Japan Connected-free Wi-Fi Application Security Bypass Vulnerability
NTT Broadband Platform Japan Connected-free Wi-Fi application for Android and iOS is a suite of Android and iOS-based applications from NTT Broadband Platform Japan for finding and automatically connecting to nearby free Wi-Fi in Japan. free Wi-Fi application for Android and iOS by NTT Broadband...
The vulnerability of the iOS operating system, which allows a hacker to trigger a service failure
The vulnerability of the Safari component in the iOS operating system is related to improper data handling. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially crafted URL, due to the lack of restrictions on the number of JavaScript notifications...
The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary web or HTML code.
The vulnerability of the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted URL...
chromium-browser: Use-after-free in blink.
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service invalid count value and use-after-free or possibly...