87 matches found
CVE-2018-1000088
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...
DEBIAN-CVE-2018-1000088
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...
Cross site scripting
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...
CVE-2018-1000088
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...
UBUNTU-CVE-2018-1000088
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...
CVE-2018-1000088
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...
Native applications with OAuth 2
By Justin Richer and Antonio Sanso This article was excerpted from the book OAuth 2 in Action. The OAuth core specification specifies four different grant types: Authorization Code, Implicit, Resource Owner Password Credentials and Client Credentials. Each grant type is designed with different...
Fedora 22 : webkitgtk4-2.10.9-1.fc22 (2016-68b43a4e0d)
This update together with the previous release brings the following fixes Security fixes: CVE-2016-1726 Limit the number of tiles according to the visible area. This was causing a huge memory consumption with some websites. Fix rendering of form controls and scrollbars with GTK+ = 3.19. Fix HTTP...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.
The vulnerability of the PrintWebViewHelper class in the components/printing/renderer/printwebviewhelper.cc module of the Google Chrome browser is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause service failures by triggering embedded...
UBUNTU-CVE-2015-1295
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...
chromium-browser: Use-after-free in Printing
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...
Microsoft Windows 98/2000 Explorer Preview Pane Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13248/info Microsoft Windows Explorer is prone to a script injection vulnerability. This occurs when the Windows Explorer preview pane Web View is enabled on Windows 2000 computers. Windows 98/98SE/ME are also affected by...
Microsoft Windows Web View Script Injection (MS05-024; CVE-2005-1191)
Metadata is a general term for data which is used to describe characteristics of data. It is generally used to provide information such as title, author, modification history, as well as any other relevant characteristics. In Microsoft implementations there are two common approaches to storing fi...
Cisco Unified Communications管理应用程序特权提升漏洞
Cisco Unified Communications Manager(CUCM,之前被称为CallManager)是Cisco IP电话解决方案中的呼叫处理组件。 Cisco Unified Communications管理应用程序包含的基于WEB的工具存在访问验证问题,远程攻击者可以利用漏洞访问设备敏感信息和更改应用程序配置。 Cisco Unified ICME, Unified ICMH, UCCE,...
Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability Document ID: 97836 Advisory ID: cisco-sa-20071017-IPCC http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml Revision 1.0 For Public Release 2007...
MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
The remote host is running a version of Windows that contains a flaw in the Windows Explorer WebViewFolderIcon ActiveX control Web View. An attacker may be able to execute arbitrary code on the remote host by constructing a malicious script and enticing a victim to visit a website or view a...
Internet Explorer WebViewFolderIcon setSlice integer overflow
Added: 09/29/2006 CVE: CVE-2006-3730 BID: 19030 OSVDB: 27110 Background The WebViewFolderIcon ActiveX control provides support for icons in the Windows Explorer Web view. Problem An integer overflow vulnerability in the setSlice method in the WebViewFolderIcon ActiveX control allows remote comman...
Cabletron Web View Administrative Access
This host is a Cabletron switch and is running Cabletron WebView. This web software provides a graphical, real-time representation of the front panel on the switch. This graphic, along with additionally defined areas of the browser interface, allow you to interactively configure the switch, monit...
CVE-2005-2117
Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code...
MS05-024: Vulnerability in Web View Could Allow Code Execution (894320)
The remote host is running a version of Microsoft Windows that contains a security flaw in the Web View of the Windows Explorer that could allow an attacker to execute arbitrary code on the remote host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and...