2969 matches found

Cvelist
added 2022/05/06 6:10 p.m., 16 views

CVE-2021-27764 HCL BigFix WebUI Cookie missing attributes

Cookie without HTTPONLY flag set. NUMBER cookies was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. WebUI...

CVSS 7.4, AI score 7.6, EPSS 0.00506
Exploits: 0, References: 1

vulnersOsv
added 2022/05/05 12:29 a.m., 3 views

alignak-webui (>=0.11.1 <=0.12.2), candig-ingest (>=1.3.1 <=1.5.0) +4 more potentially affected by CVE-2013-7489 via beaker (>=1.10.0 <=1.11.0)

beaker PYPI version =1.10.0, =0.11.1, =1.3.1, =1.2.3, =0.1.0, =1.0.0, =1.0.1, =1.0.5 Source cves: CVE-2013-7489 Source advisory: OSV:GHSA-3CWM-7JMM-774W...

CVSS 6.8, AI score 6.8, EPSS 0.01116
Exploits: 0

BDU FSTEC
added 2022/04/14 12:0 a.m., 6 views

The vulnerability of the WebUI component of the Oracle Enterprise Session Border Controller allows a perpetrator to compromise the integrity of the protected information.

The vulnerability of the Oracle Enterprise Session Border Controller’s WebUI component exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information through HTTP requests...

CVSS 7.7, AI score 7.5, EPSS 0.00933
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2022/04/07 12:0 a.m., 6 views

The vulnerability of the user interface of the WebUI on Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.

The vulnerability of the WebUI user interface of Google Chrome and Microsoft Edge is related to the overflow of buffers in the dynamic memory during the processing of HTML content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web pag...

CVSS 7.6, AI score 7.6, EPSS 0.00709
Exploits: 0, References: 9, Affected Software: 6

Veracode
added 2022/04/04 6:5 p.m., 24 views

Heap Buffer Overflow

chromium is vulnerable to use after free. The vulnerability exists in WebUI, allowing a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools...

CVSS 8.8, AI score 3.5, EPSS 0.00709
Exploits: 0, References: 4, Affected Software: 2

Veracode
added 2022/04/04 6:4 p.m., 15 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause memory corruption via the component WebUI...

CVSS 8.8, AI score 3.2, EPSS 0.00625
Exploits: 0, References: 4, Affected Software: 2

Veracode
added 2022/04/04 6:3 p.m., 24 views

Use After Free

chromium is vulnerable to use after free. The vulnerability exists in WebUI which allows an attacker to cause a memory corruption which may lead to an application crash...

CVSS 8.8, AI score 3, EPSS 0.00561
Exploits: 0, References: 4, Affected Software: 2

Microsoft CVE
added 2022/04/01 7:0 a.m., 34 views

Chromium: CVE-2022-1143 Heap buffer overflow in WebUI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 8.4, EPSS 0.00709
Exploits: 0

Kaspersky
added 2022/04/01 12:0 a.m., 52 views

KLA12495 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Portals can be...

CVSS 8.8, AI score 9.5, EPSS 0.01742
Exploits: 15, References: 27

NVD
added 2022/03/31 11:15 p.m., 23 views

CVE-2022-24796

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...

CVSS 10, EPSS 0.03517
Exploits: 0, References: 2

Prion
added 2022/03/31 11:15 p.m., 26 views

Design/Logic Flaw

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...

CVSS 10, AI score 10, EPSS 0.03517
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/03/31 10:40 p.m., 26 views

CVE-2022-24796 Remote Command Injection in RaspberryMatic

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...

CVSS 10, AI score 10, EPSS 0.03517
Exploits: 0, References: 2

NVD
added 2022/03/30 11:15 a.m., 23 views

CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

CVSS 6.5, EPSS 0.00667
Exploits: 1, References: 1

OSV
added 2022/03/30 11:15 a.m., 16 views

CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

CVSS 6.5, AI score 6.9
Exploits: 0, References: 1

Prion
added 2022/03/30 11:15 a.m., 15 views

Cross site request forgery (csrf)

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

CVSS 4, AI score 6.5, EPSS 0.00667
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/03/30 10:15 a.m., 21 views

CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...

AI score 6.8, EPSS 0.00667
Exploits: 1, References: 1

CVE
added 2022/03/30 10:15 a.m., 87 views

CVE-2022-23869

In RuoYi v4.7.2 WebUI, there is a privilege-check bypass in password reset: user test1 cannot reset test3’s password per permissions, yet the /system/user/resetPwd endpoint can reset test3’s password, enabling unauthorized password-reset actions.

CVSS 6.5, AI score 6.5, EPSS 0.00667
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2022/03/29 12:0 a.m., 2 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser from Google Inc. V8 is one of the open source JavaScript engines. Google Chrome suffers from a resource management error vulnerability that exists due to a use-after-free error in the WebUI in Google Chrome. A remote attacker could trick a victim into visiting a...

CVSS 8.8, AI score 7.6, EPSS 0.00561
Exploits: 0, References: 8

Packet Storm
added 2022/03/17 12:0 a.m., 421 views

BuilderTorCTPHPRAT.b Shell Upload

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Arbitrary File Upload - RCE Family: TorCTPHPRAT Type: WebUI MD5...

AI score 7.4
Exploits: 0

Packet Storm
added 2022/03/17 12:0 a.m., 331 views

BuilderTorCTPHPRAT.b Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Insecure Credential Storage Description: The default password fo...

AI score 7.4
Exploits: 0