The vulnerability of the Browser UI component in Microsoft Edge and Google Chrome allows a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of the Browser UI component in Microsoft Edge and Google Chrome is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code or cause a service failure through a specially created malicious web page...

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

The vulnerability of Google Chrome’s API interface allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of Google Chrome’s browser API is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information through a specially crafted HTML page...

Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing...

Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing...

Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing...

Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing...

CVE-2021-20560

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...

Security Bulletin: Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.0 and Eclipse 9.4. IBM Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-11771 DESCRIPTION: Eclipse OpenJ9 could allow a local attacker...

CVE-2019-10962

BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and...

CVE-2019-10962

BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1.1.5, and 1.1.6, The web browser user interface on the Alaris Gateway Workstation does not prevent an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to the status and...

Max-Severity Bug in Infusion Pump Gateway Puts Lives at Risk

Researchers have disclosed two separate vulnerabilities within the Becton Dickinson Alaris Gateway Workstation for medical infusion pumps in hospitals, one carrying a critical rating of 10 out of 10 on the CVSS v.3 severity scale. Alaris Gateway Workstations power, monitor and control infusion...

The vulnerability of the TrustZone component in the Android operating system allows a hacker to perform actions that are not intended by the browser interface.

The vulnerability of the TrustZone component in the Android operating system is related to a memory reclamation error. Exploiting this vulnerability could allow a remote attacker to perform actions that were not intended by the browser interface...

[SECURITY] Fedora 24 Update: viewvc-1.1.26-1.fc24

ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...

[SECURITY] Fedora 25 Update: viewvc-1.1.26-1.fc25

ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...

phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities

No description provided by source. ?!-- phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities Vendor: phlyLabs Product web page: http://www.phlymail.com Affected version: Lite 4.03.04 Summary: phlyMail offers you an interface in the browser to have access to your emails,...

Android AirDroid Flaw Can Lead to XSS, DoS Attacks

A cross-site scripting XSS vulnerability exists in the browser version of AirDroid, a cloud management application for Google’s Android phones. According to an alert from the US-Computer Emergency Readiness Team US-CERT, at the current time, there is no patch planned and there is no logical...

phlyLabs phlyMail Lite 4.03.04 XSS / Path Disclosure

phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities input type="hidden" name="M...

phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting

phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities input type="hi...

phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure Persistent Cross-Site Scripting

phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure Persistent Cross-Site Scripting phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities form method="POST" action="http://localhost/config.php?action=user...