12 matches found

NVD
added 2024/03/05 12:15 p.m. | 5 views

CVE-2023-45593

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “http://localhost” allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...

CVSS 6.8 | AI score 6.4 | EPSS 0.00107
Exploits: 0 | References: 1

Prion
added 2024/03/05 12:15 p.m. | 10 views

Design/Logic Flaw

A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “http://localhost” allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded...

CVSS 4.6 | AI score 7.1 | EPSS 0.00107
Exploits: 0 | References: 1

CVE
added 2024/03/05 11:27 a.m. | 50 views

CVE-2023-45593

The CVE-2023-45593 entry describes a CWE-184 vulnerability in the embedded Chromium browser used by AiLux imx6 bundles. The issue arises from improper handling of alternative URLs (any URL other than http://localhost), allowing a physical attacker to read arbitrary files, alter browser configurat...

CVSS 6.8 | AI score 6.4 | EPSS 0.00107
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2021/11/03 9:13 a.m. | 1029 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Eclipse Jetty

CVE-2021-34429 POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 S...

CVSS 5.3 | AI score 6.5 | EPSS 0.93778
Exploits: 6

Fortinet
added 2021/08/03 12:0 a.m. | 26 views

FortiPortal - Path traversal in controller

A protection mechanism failure vulnerability (CWE-693) resulting in improperly limiting pathname to a restricted directory in FortiPortal may allow an authenticated attacker to perform a path traversal attack via maliciously crafted GET parameters...

CVSS 4 | AI score 6.3 | EPSS 0.00267
Exploits: 0 | Affected Software: 1

ICS
added 2021/06/10 12:0 a.m. | 81 views

Rockwell Automation FactoryTalk Services Platform

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote, authenticated users to bypass...

CVSS 8.8 | AI score 8.9 | EPSS 0.00026
Exploits: 0 | References: 5

ICS
added 2020/02/18 7:0 a.m. | 56 views

GE Healthcare Ultrasound products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: low attack complexity Vendor: GE Healthcare Equipment: Ultrasound Products Vulnerability: Protection Mechanism Failure, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...

CVSS 7.4 | AI score 7.3 | EPSS 0.00255
Exploits: 0 | References: 11

Prion
added 2017/08/21 3:29 p.m. | 12 views

Cross site scripting

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other...

CVSS 3.5 | AI score 5.4 | EPSS 0.00395
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2017/08/21 3:0 p.m. | 9 views

CVE-2017-7422

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other...

AI score 5.5 | EPSS 0.00395
Exploits: 0 | References: 1

CVE
added 2017/08/21 3:0 p.m. | 50 views

CVE-2017-7422

The CVE-2017-7422 entry concerns Micro Focus Enterprise Developer and Enterprise Server (ESM/ESMAN) with the esfadmingui component. It documents reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui affecting version 2.3, including 2.3 Update 1 before Hotfix 8 and...

CVSS 5.4 | AI score 5.4 | EPSS 0.00395
Exploits: 0 | References: 1 | Affected Software: 2

Hacker One
added 2016/03/17 5:8 a.m. | 24 views

Gratipay: Vulnerable to clickjacking

Reproduction steps: 1. Open URL: https://grtp.co/ 2. Put the URL in the below code of iframe Clickjacking GRTP Website is vulnerable to clickjacking! 3. Observe that site is getting displayed in Iframe Impact: By using Clickjacking technique, an attacker hijacks clicks meant for one page and route...

AI score 1.1
Exploits: 0

phpMyAdmin
added 2013/08/04 12:0 a.m. | 27 views

ClickJacking protection can be bypassed.

PMASA-2013-10 Announcement-ID: PMASA-2013-10 Date: 2013-08-04 Updated: 2013-08-05 Summary ClickJacking protection can be bypassed. Description phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be...

CVSS 4.3 | AI score 6.8 | EPSS 0.01725
Exploits: 1 | Affected Software: 1