33 matches found
EUVD-2010-4085
Malware in sbrugna...
EUVD-2021-25594
Malware in sbrugna...
EUVD-2019-5896
Malware in sbrugna...
EUVD-2013-1891
Malware in sbrugna...
EUVD-2023-25604
Malicious code in bioql PyPI...
CVE-2019-14757
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...
CVE-2011-2408
Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...
CVE-2019-14757
CVE-2019-14757 affects KaiOS 2.5 and 2.5.1. The pre-installed Contacts app is vulnerable to HTML and JavaScript injection when a victim imports a crafted vCard file. The issue enables an attacker to inject HTML into the Contacts UI, potentially displaying malicious prompts and prompting users to ...
CVE-2018-21078
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469...
CVE-2015-3011
CVE-2015-3011 is an XSS in ownCloud’s contacts app (Community Edition) allowing remote authenticated users to inject script/HTML via crafted contacts. Affected: ownCloud Server 5.0.19 and 6.x/7.x before specific fixes. Remediation: upgrade to patched packages (e.g., Debian/DSA-3244-1 fixes). Note...
CVE-2015-3011
Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact...
Mandriva Linux Security Advisory : owncloud (MDVSA-2015:191)
Multiple vulnerabilities have been discovered and corrected in owncloud: - Multiple stored XSS in contacts application (oC-SA-2015-001) - Multiple stored XSS in documents application (oC-SA-2015-002) - Bypass of file blacklist (oC-SA-2015-004) The updated packages have been upgraded to the 7.0.5 versio...
Multiple stored XSS in "contacts" application - ownCloud
Due to not sanitising all user provided input, the "contacts" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "contacts" application is enabled by default in the ownCloud Community Edition but not shipped with the ownClou...
Server: Multiple stored XSS in "contacts" application
Due to not sanitising all user provided input, the "contacts" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "contacts" application is enabled by default in the ownCloud Community Edition but not shipped with the ownClou...
CVE-2013-1963
The CVE-2013-1963 entry describes a vulnerability in the ownCloud Contacts app where ownership of contacts is not properly enforced, allowing remote authenticated users to download arbitrary contacts via unspecified vectors. Affected versions are ownCloud before 4.5.10 and 5.x before 5.0.5. The u...
CVE-2013-1893
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application...