21 matches found
CVE-2026-0085
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45591
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0012
CVE-2026-0012 affects Android’s ExpandableNotificationRow.java (setHideSensitive) with a logic error causing a local information disclosure of contact names. Exploitation requires no user interaction and grants no privileges beyond local access; the issue is classified as information disclosure (...
ASB-A-392614656
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-198350
Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions cause non-admin users to have access to the contact name and email address of other users on the system...
EUVD-2016-7728
Malware in sbrugna...
GHSA-8C8V-R5JJ-4425 Liferay Contacts Center widget has insecure direct object reference
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
CVE-2025-43803
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
PT-2025-38612
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.119; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.6; Liferay Portal versions 7.4 GA through update 92. Description: An insecure direct object reference...
CVE-2018-17502
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails...
Design/Logic Flaw
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails...
Mixmax: [compose.mixmax.com] Stored XSS on compose.mixmax.com in contact names.
Thanks @sh3r1 !...
Huawei P7-L10 MeWidget Information Disclosure Vulnerability
The P7-L10 is a smartphone from the Chinese company Huawei. MeWidget is one of the desktop customization tools. An information disclosure vulnerability exists in the MeWidget plugin in Huawei P7-L10 V100R001C00B136 and earlier versions. The vulnerability can be exploited by an attacker with the he...
CVE-2016-6843
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a...
Open redirect
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a...
Scientific Linux Security Update : evolution on SL6.x i386/x86_64 (20130221)
The way Evolution handled mailto URLs allowed any file to be attached to the new message. This could lead to information disclosure if the user did not notice the attached file before sending the message. With this update, mailto URLs cannot be used to attach certain files, such as hidden files o...
CVE-2011-0745
SugarCRM prior to 6.1.3 is affected by CVE-2011-0745. The issue arises when reloading or directly requesting a warning page produced by a duplicate-check, allowing remote authenticated users to see names they normally should not access: (1) customer names via ShowDuplicates in the Accounts module...