Lucene search
K

196 matches found

Prion
Prion
added 2019/08/28 12:15 p.m.13 views

Design/Logic Flaw

Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via addqueryarg and removequeryarg...

4.3CVSS6.1AI score0.0095EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/08/28 11:59 a.m.50 views

CVE-2015-9366

CVE-2015-9366 affects the Custom URL Tracking Add-on for iThemes Exchange (WordPress) prior to version 1.1.0. The vulnerability is an XSS via add_query_arg() and remove_query_arg(). The NVD data lists CVSSv2 base score 4.3 (MEDIUM) with I:P and A:N, and CVSSv3 base score 6.1 (MEDIUM) with I:L, C:...

6.1CVSS6AI score0.0095EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2019/07/15 5:44 p.m.68 views

iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts

Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme. By default on Apple's iOS operating system, every app runs...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.27 views

openSUSE Security Update : python-Django (openSUSE-2019-614)

This update for python-Django to version 2.08 fixes the following issues : The following security vulnerability was fixed : - CVE-2018-14574: Fixed an redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed : - Fixed a regression in Django 2.0.7 that broke the...

6.1CVSS6.1AI score0.2549EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/02/09 10:0 p.m.23 views

CVE-2017-0911

Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the...

5.1AI score0.00511EPSS
Exploits0References5
Prion
Prion
added 2017/10/23 1:29 a.m.22 views

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

5CVSS6.7AI score0.01951EPSS
Exploits1References8Affected Software5
Debian CVE
Debian CVE
added 2017/10/23 1:0 a.m.24 views

CVE-2017-7090

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

7.5CVSS7.3AI score0.01951EPSS
Exploits1
OSV
OSV
added 2017/10/18 12:0 a.m.3 views

UBUNTU-CVE-2017-7090

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

7.5CVSS7.2AI score0.01951EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2016/07/29 12:0 a.m.19 views

Fedora 23 : drupal7-views (2016-ed5f606dde)

Fixes Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036 Changes since 7.x-3.13 : - Adding field handlers for statistics fields - \2200309 by helmo: Changed invalid placeholder from 'handler' to 'extender'. - \2708535 by stefan.r: Allow users to sort on a specific language, showing it...

5.5AI score
Exploits0References1
NVD
NVD
added 2016/05/20 10:59 a.m.21 views

CVE-2016-1800

Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors...

9.3CVSS8.5AI score0.03744EPSS
Exploits0References4
OSV
OSV
added 2016/05/20 10:59 a.m.3 views

CVE-2016-1800

Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors...

8.8CVSS6.1AI score0.03744EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Working Resources BadBlue 1.7.1 Search Page Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6253/info The ext.dll ISAPI does not sufficiently sanitize user-supplied input when processing search queries. This may allow an attacker to create a custom URL containing script code that, when viewed in a browser by a...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2014/03/04 11:2 p.m.15 views

Safari User-Assisted Download and Run Attack

This module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APPNAME" is an application downloaded from the internet. A...

10AI score
Exploits0
Packet Storm
Packet Storm
added 2008/08/06 12:0 a.m.20 views

wsnprod-lfiexec.txt

Author: otmorozok428, http://forum.antichat.ru Products: Wsn Forum Enter to upload: http://www.site.com/forum/profile.php?action=editprofile&id=Your User ID See the avatar name at your profile. Upload evil avatar and go to: index.php?custom=yes&TID=../../attachments/avatars/Avatar...

7.4AI score
Exploits0
NVD
NVD
added 2002/03/15 5:0 a.m.24 views

CVE-2002-0070

Buffer overflow in Windows Shell used as the Windows Desktop allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled...

7.6CVSS7.7AI score0.202EPSS
Exploits1References7
Exploit DB
Exploit DB
added 2000/01/01 12:0 a.m.107 views

Phorum 3.0.7 - 'violation.php3' Arbitrary Email Relay

source: https://www.securityfocus.com/bid/2272/info Phorum is a freely available, open source package originally written by Brian Moon. The package is designed to add enhanced features to a web page, allowing users to interact through bulletin board style chats forums and discussions. A problem...

7.4AI score
Exploits0
Rows per page
Query Builder