207 matches found
CVE-2020-26085
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system OS with elevated privileges or gain access to sensitive information. For more information about these...
Information disclosure
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system OS with elevated privileges or gain access to sensitive information. For more information about these...
CVE-2020-26085
CVE-2020-26085 and related Cisco Jabber vulnerabilities affect Cisco Jabber Desktop and Mobile Client (Windows, macOS, and mobile). The connected sources describe multiple flaws that could allow an attacker to execute arbitrary code or access sensitive information on the underlying OS, with netwo...
Telerik Fiddler Code Injection Vulnerability
Telerik Fiddler is an HTTP protocol debugging proxy tool. A code injection vulnerability exists in Telerik Fiddler 5.0.20202.18177 and earlier versions, which allows an attacker to execute an arbitrary program via a hostname with a space character at the end, followed by the --utility-and-browser...
CVE-2020-27134
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system OS with elevated privileges or gain access to sensitive information. For more information about these...
CVE-2020-27132
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system OS with elevated privileges or gain access to sensitive information. For more information about these...
CVE-2020-27127
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system OS with elevated privileges or gain access to sensitive information. For more information about these...
Information disclosure
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system OS with elevated privileges or gain access to sensitive information. For more information about these...
CVE-2020-27133
CVE-2020-27133 is a Cisco Jabber Desktop and Mobile Client vulnerability family affecting Cisco Jabber for Windows, MacOS, and mobile platforms. The CVE entries arise from multiple issues in message handling and input validation: CVE-2020-26085 (XMPP message handling leading to remote code execut...
CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
CVE-2020-13661
Telerik Fiddler before 5.0.20204. fixes the vulnerability CVE-2020-13661 which allows code execution through a crafted hostname with a trailing space followed by --utility-and-browser --utility-cmd-prefix= and the path to a locally installed program. The attack requires the user to interactively ...
CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
PYSEC-2020-222
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...
Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution (cisco-sa-webex-client-url-fcmpdfVY)
According to its self-reported version, Cisco Webex Meetings Desktop App is affected by a vulnerability due to improper validation of input that is supplied to application URLs. An unauthenticated, remote attacker can exploit this, by persuading a user to follow a malicious URL, in order to execu...
CVE-2020-3263 Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by...
CVE-2020-12473
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program...
CVE-2019-20343
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...
Code injection
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...
CVE-2019-9745
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service Recognition Update Client Service via an insecure communication channel Named Pipe. The data JSON sent via this channel is used to import data from...