196 matches found
Design/Logic Flaw
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via addqueryarg and removequeryarg...
CVE-2015-9366
CVE-2015-9366 affects the Custom URL Tracking Add-on for iThemes Exchange (WordPress) prior to version 1.1.0. The vulnerability is an XSS via add_query_arg() and remove_query_arg(). The NVD data lists CVSSv2 base score 4.3 (MEDIUM) with I:P and A:N, and CVSSv3 base score 6.1 (MEDIUM) with I:L, C:...
iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts
Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme. By default on Apple's iOS operating system, every app runs...
openSUSE Security Update : python-Django (openSUSE-2019-614)
This update for python-Django to version 2.08 fixes the following issues : The following security vulnerability was fixed : - CVE-2018-14574: Fixed an redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed : - Fixed a regression in Django 2.0.7 that broke the...
CVE-2017-0911
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...
CVE-2017-7090
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...
UBUNTU-CVE-2017-7090
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...
Fedora 23 : drupal7-views (2016-ed5f606dde)
Fixes Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036 Changes since 7.x-3.13 : - Adding field handlers for statistics fields - \2200309 by helmo: Changed invalid placeholder from 'handler' to 'extender'. - \2708535 by stefan.r: Allow users to sort on a specific language, showing it...
CVE-2016-1800
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors...
CVE-2016-1800
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors...
Working Resources BadBlue 1.7.1 Search Page Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6253/info The ext.dll ISAPI does not sufficiently sanitize user-supplied input when processing search queries. This may allow an attacker to create a custom URL containing script code that, when viewed in a browser by a...
Safari User-Assisted Download and Run Attack
This module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APPNAME" is an application downloaded from the internet. A...
wsnprod-lfiexec.txt
Author: otmorozok428, http://forum.antichat.ru Products: Wsn Forum Enter to upload: http://www.site.com/forum/profile.php?action=editprofile&id=Your User ID See the avatar name at your profile. Upload evil avatar and go to: index.php?custom=yes&TID=../../attachments/avatars/Avatar...
CVE-2002-0070
Buffer overflow in Windows Shell used as the Windows Desktop allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled...
Phorum 3.0.7 - 'violation.php3' Arbitrary Email Relay
source: https://www.securityfocus.com/bid/2272/info Phorum is a freely available, open source package originally written by Brian Moon. The package is designed to add enhanced features to a web page, allowing users to interact through bulletin board style chats forums and discussions. A problem...