160 matches found
CVE-2024-6379
A reflected Cross-site Scripting XSS vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
Citrix Systems NetScaler ADC and Citrix Systems NetScaler Gateway Security Vulnerabilities
Citrix Systems NetScaler Gateway Citrix Systems Gateway and Citrix Systems NetScaler ADC are both products of Citrix Systems, Inc.Citrix Systems NetScaler Gateway is a secure remote access solution. The solution provides administrators with application-level and data-level controls to enable user...
BIT-ELK-2024-23442 Kibana open redirect issue
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL...
CVE-2024-23664
A URL redirection to untrusted site 'open redirect' in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL...
CVE-2024-2465
Open redirection vulnerability in CDeX enables redirection to arbitrary websites via a crafted URL and affects CDeX versions up to 5.7.1, per RH and NVD entries. No remediation or exploit specifics are provided in the connected documents.
Debian dla-3765 : cacti - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3765 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3765-1 [email protected]...
The vulnerability in the cursor display implementation of Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a hacker to obtain arbitrary permissions on a website without user consent.
The vulnerability in the cursor display implementation of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the number of layers or frames that can be displayed. Exploiting this vulnerability allows a malicious actor to obtain arbitrary...
CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...
Authorization
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack...
JVN#70818619: "Mercari" App for Android fails to restrict custom URL schemes properly
"Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...
Mercari Security Vulnerability
Mercari is an online trading application for used items from Mercari Japan. A security vulnerability exists in Mercari versions prior to 5.78.0, which stems from improperly restricting access using custom URLs, and could allow a remote attacker to direct a user to an arbitrary website...
CVE-2023-45203 Online Examination System v1.0 - Multiple Open Redirects
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...
Important: cacti
Issue Overview: Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution ...
CVE-2023-41609
An open redirect vulnerability in the sanitizeurl parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL...
CVE-2023-41609
An open redirect vulnerability in the sanitizeurl parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL...
CVE-2023-39364
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The authchangepassword.php file accepts ref as a URL parameter and...
CVE-2023-39364
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The authchangepassword.php file accepts ref as a URL parameter and...
CVE-2023-40530
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...
Authorization
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...
CVE-2023-40530
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...