Lucene search
K

107 matches found

NVD
NVD
added 2020/01/02 8:15 p.m.23 views

CVE-2014-0169

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...

6.5CVSS6.3AI score0.00776EPSS
Exploits0References2
CVE
CVE
added 2020/01/02 7:9 p.m.98 views

CVE-2014-0169

CVE-2014-0169 affects JBoss EAP 6: a security domain uses a cache shared across all applications in the domain, enabling an authenticated user from one application to access resources in another without proper authorization. Root cause cited as lack of clear documentation on cache isolation betwe...

6.5CVSS6.3AI score0.00776EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/12/20 8:21 p.m.39 views

Mail.ru: Cross application scripting via account.mail.ru

Crossapplication scripting via User-Agent on push login confirmation functionality in mobile application in the context of account.mail.ru domain allowed session hijacking with minimal user interaction...

1.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:31 p.m.26 views

Security Bulletin: IBM Mobile Foundation, IBM Worklight, and IBM Worklight Foundation are affected by the following Apache Cordova vulnerabilities: CVE-2014-3500, CVE-2014-3501 and CVE-2014-3502

Summary Apache Cordova, which is used by these products, is vulnerable to Cross-Application Scripting XAS and Data Exfiltration vulnerabilities. A remote attacker might exploit these vulnerabilities to expose sensitive data from the mobile application. Vulnerability Details CVEID: CVE-2014-3500...

6.4CVSS0.9AI score0.04964EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2017/10/12 2:0 p.m.10 views

Mail.ru: XSS на e.mail.ru в мобильном приложении!

Cross application scripting via message content in mobile mail application. Vulnerability affected a limited number of external domains connected in Mail.Ru mail application. Users of Mail.Ru mailboxes and largest mailbox providers were not affected, no access to confidential data was possible as...

3.7AI score
Exploits0
OSV
OSV
added 2017/04/17 12:0 a.m.5 views

UBUNTU-CVE-2017-5648

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was...

9.1CVSS7.1AI score0.13225EPSS
Exploits0References4
Hacker One
Hacker One
added 2016/07/20 9:53 p.m.12 views

Harvest: Leak of all project names and all user names , even across applications

Summary ------------ All project names and user names can be leaked, even cross application. Steps to reproduce ------------ 1. Create a new expense, this should generate a POST request like this: bash POST /api/v2/expenses?userid=1340164 HTTP/1.1 Host: 8888sasdf.harvestapp.com - snip -...

0.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/03/31 5:0 p.m.6 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...

4.3CVSS6.6AI score0.07616EPSS
Exploits0References4
securityvulns
securityvulns
added 2014/07/14 12:0 a.m.55 views

Microsoft Lync information leakage

Cross application scripting...

4.3CVSS1AI score0.5109EPSS
Exploits0Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

SPI Dynamics WebInspect 5.0.196 Cross Application Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14385/info WebInspect is vulnerable to a cross-application script injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied data prior to including it in content rendere...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

KDE <= 4.4.1 Ksysguard RCE via Cross Application Scripting

No description provided by source. Exploit Title: Ksysguard RCE via Cross Application Scripting Date: 2010 03 20 Author: Emanuele 'emgent' Gentili Code: http://www.backtrack.it/emgent/exploits/20100320KsysguardRCECAS.txt Version: = 4.4.1 CVE : N/A Vendor: http://www.kde.org Video:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Ziepod+ 1.0 Cross Application Scripting

No description provided by source. !/usr/bin/python import thread import socket |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | |...

6.7AI score
Exploits0
OSV
OSV
added 2014/05/31 12:0 a.m.3 views

UBUNTU-CVE-2014-0119

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to 1 read arbitrary files via a crafted web application that provides an XML external entity...

4.3CVSS6.7AI score0.07616EPSS
Exploits0References3
securityvulns
securityvulns
added 2013/01/10 12:0 a.m.114 views

Chrome for Android - UXSS via com.android.browser.application_id Intent extra

CVE Number: CVE-2012-4905 Title: Chrome for Android - UXSS via com.android.browser.applicationid Intent extra Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: By sending a...

4.3CVSS0.5AI score0.01553EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2012/12/18 10:43 p.m.8 views

Mojarra: deployed web applications can read FacesContext from other applications under certain conditions

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function...

2.1CVSS5.8AI score0.00545EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/12/18 10:23 p.m.4 views

Mojarra: deployed web applications can read FacesContext from other applications under certain conditions

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function...

2.1CVSS5.8AI score0.00545EPSS
Exploits1References4
NVD
NVD
added 2012/09/13 8:55 p.m.23 views

CVE-2012-4904

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS UXSS" attacks against the current tab...

4.3CVSS5.3AI score0.00653EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2012/09/13 8:55 p.m.25 views

CVE-2012-4904

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS UXSS" attacks against the current tab...

4.3CVSS6AI score0.00653EPSS
Exploits0References3
CVE
CVE
added 2012/09/13 8:0 p.m.71 views

CVE-2012-4904

CVE-2012-4904 is a Cross-site scripting (UXSS) vulnerability in Google Chrome for Android, affecting versions before 18.0.1025308. The issue allows remote attackers to inject arbitrary web script via unspecified vectors, demonstrated as UXSS attacks on the current tab. Affected product: Google Ch...

4.3CVSS5.4AI score0.00653EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2012/09/13 8:0 p.m.28 views

CVE-2012-4904

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS UXSS" attacks against the current tab...

5.3AI score0.00653EPSS
Exploits0References2
Rows per page
Query Builder