23 matches found
EUVD-2019-3368
Malware in sbrugna...
CVE-2025-42975
SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces...
The vulnerability of the LibreOffice office software package, related to errors in processing hyperlinks within documents, allows a perpetrator to execute arbitrary code.
The vulnerability of the LibreOffice office software package is related to errors in processing hyperlinks within documents. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted hyperlink...
CVE-2024-41997
An issue was discovered in version of Warp Terminal prior to 2024.07.18 v0.2024.07.16.08.02. A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/opensubshell intent that when clicked ...
CVE-2023-48443
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
PT-2023-8638 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue exists due to inadequate protection of the web page structure. Exploitation may allow a remote attacker to execute arbitrary code. A low-privileged attacker can...
SUSE CVE-2008-2379
Cross-site scripting XSS vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message...
ismartgate PRO Clickjacking Vulnerability
iSmartGate is a smart garage door opener system. A clickjacking vulnerability exists in ismartgate PRO, which allows remote attackers to exploit the vulnerability to submit a special URL request that can be parsed by the user, which can be used to gain access to sensitive information, among other...
CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of...
Cross site scripting
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
Information Disclosure
firefox/thunderbird is vulnerable to information disclosure. If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and...
Mozilla Thunderbird < 60.7
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use...
CVE-2019-11698
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...
Security vulnerabilities fixed in Thunderbird 60.7 — Mozilla
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...
The vulnerability of the Media Player component of the Windows operating system, related to errors in memory object handling mechanisms, allows a perpetrator to gain access to confidential information.
The vulnerability of the Media Player component of the Windows operating system is related to errors in the memory object handling mechanisms. Exploiting this vulnerability can allow a malicious actor, acting remotely, to gain access to confidential information through a specially crafted hyperli...
CVE-2017-12224
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the...