EUVD-2019-20167

Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to...

CVE-2017-2368

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service application crash via a crafted contact card...

Apple iOS Contacts Denial of Service Vulnerability

Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in Apple iOS Contacts handling business cards, which can be exploited by a local attacker to submit a special contact business card and crash the application...

CVE-2015-3011

Multiple cross-site scripting XSS vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact...

CVE-2015-3011

Multiple cross-site scripting XSS vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact...

Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service application crash via crafted contact-list data for 1 ICQ and possibly 2 AIM, as demonstrated by the SIM IM client...

Design/Logic Flaw

Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported...

CVE-2007-3032

Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported...

CVE-2007-3032

Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported...

CVE-2007-3032

CVE-2007-3032 is a Windows Vista vulnerability in the Contacts Gadget that could allow remote code execution when a user imports specially crafted contact data. The issue, described across multiple sources, arises from insufficient validation of imported contact information, enabling code executi...