630 matches found
The vulnerability of the Live Share extension of the Microsoft Visual Studio software allows a hacker to redirect users to a malicious URL.
The vulnerability of the Live Share extension of the Microsoft Visual Studio development tool is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to redirect users to a malicious URL by convincing them to connect to a specially created Live Share...
OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...
Unencrypted Mobile Traffic on Tor Network Leaks PII
Unencrypted, sensitive and confidential user data originating from millions of mobile devices is carried on the Tor network every day. Now researchers say they have devised away to scoop up that data and create personal profiles for specific mobile users, that include GPS coordinates, web...
keycloak: adapter endpoints are exposed via arbitrary URLs
It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...
keycloak: adapter endpoints are exposed via arbitrary URLs
It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...
keycloak: adapter endpoints are exposed via arbitrary URLs
It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...
CVE-2019-9428
In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:...
The vulnerability of the Pulse Connect Secure corporate network VPN server, related to permission processing errors, allows a hacker to gain read access to arbitrary files.
The vulnerability of the Pulse Connect Secure VPN server for corporate networks is related to permission processing errors. Exploiting this vulnerability could allow a malicious actor to gain read access to arbitrary files by using specially created URIs...
mod_auth_openidc: Shows user-supplied content on error pages
A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs...
CVE-2019-11019
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/allclaimdetail.php?claimid= URLs...
The vulnerability of the Power Query editor, a spreadsheet editing tool from Microsoft Excel, allows a hacker to redirect users to a malicious URI and execute malicious code.
The vulnerability of the Power Query editor for Microsoft Excel relates to insufficient neutralization of special elements transmitted in URIs. Exploiting this vulnerability allows a malicious actor to redirect users to malicious URIs and execute malicious code using a specially crafted document...
PT-2019-2639 · Twisted Matrix Laboratories +5 · Twisted +5
Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 19.2.1 Description: The issue exists due to insufficient input validation in the twisted.web component of the Twisted network framework. This allows a remote attacker to impact the confidentiality and integrity of...
ALPINE-CVE-2019-12308
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...
CVE-2018-14711
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...
IBM Security Privileged Identity Manager Path Traversal Vulnerability
IBM Security Privileged Identity Manager ISPIM is an identity management product within the IBM Identity Governance and Management solution from IBM in the United States. The product is designed to protect, automate and audit the use of privileged identities to help defend against insider threats...
PT-2019-4685 · Redis +9 · Redis +11
Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16 Python versions 3.x through 3.7.3 Description: An issue in the urllib2 and urllib modules allows for CRLF injection if an attacker controls a url parameter. This can be demonstrated by the first argument to...
Mozilla Firefox Incorrect Source Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 66, which stems from a privilege notification that fails to properly display the originating domain when requesting WebRTC...
CVE-2019-0540
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'...
PT-2019-1227
Name of the Vulnerable Software and Affected Versions Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers affected versions not specified Description A vulnerability in the web-based management interface of the routers could allow an unauthenticated, remote attacker to retrieve...