
37 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-24884

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.4 · EPSS 0.00063
Exploits 0 · References 1
RedhatCVE
added 2025/08/16 5:25 p.m. · 5 views

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

CVSS 4.3 · AI score 7 · EPSS 0.00063
Exploits 0 · References 1
OSV
added 2025/08/14 5:15 p.m. · 1 views

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

CVSS 4.3 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 1
NVD
added 2025/08/14 5:15 p.m. · 3 views

CVE-2025-20301

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

CVSS 6.5 · EPSS 0.00075
Exploits 0 · References 1
Vulnrichment
added 2025/08/14 4:31 p.m. · 3 views

CVE-2025-20302 Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

CVSS 4.3 · AI score 7 · EPSS 0.00063
Exploits 0 · References 1
Cvelist
added 2025/08/14 4:31 p.m. · 5 views

CVE-2025-20302 Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

CVSS 4.3 · EPSS 0.00063
Exploits 0 · References 1
Cvelist
added 2025/08/14 4:30 p.m. · 4 views

CVE-2025-20301 Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

CVSS 6.5 · EPSS 0.00075
Exploits 0 · References 1
Positive Technologies
added 2025/08/14 12:0 a.m. · 3 views

PT-2025-33338 · Cisco · Cisco Secure Fmc

Name of the Vulnerable Software and Affected Versions: Cisco Secure FMC Software, affected versions not specified
Description: A vulnerability in the web-based management interface could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain...

CVSS 4.3 · AI score 6.8 · EPSS 0.00063
Exploits 0 · References 4
Citrix
added 2024/07/09 12:0 a.m. · 5 views

Error - "Your Logon has expired. Please logon again to continue".

An error is seen logging on to Storefront. "Your logon has expired. Please log on again to continue" Error is only seen when logging on as a user from a different domain to that of the Storefront server...

AI score 7
Exploits 0
OSV
added 2024/03/20 11:15 a.m. · 26 views

CVE-2023-46839

PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context...

CVSS 5.3 · AI score 7.1
Exploits 0 · References 3
OSV
added 2023/05/11 7:15 p.m. · 0 views

CVE-2023-2444

A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, t...

CVSS 8.8 · AI score 6.8
Exploits 0 · References 1
SUSE CVE
added 2023/02/15 6:1 a.m. · 1 views

SUSE CVE-2009-4129

Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain...

CVSS 5.8 · AI score 6.8 · EPSS 0.00366
Exploits 0 · References 3
NVD
added 2020/11/18 6:15 p.m. · 6 views

CVE-2020-26072

A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

CVSS 8.7 · AI score 8.5 · EPSS 0.00228
Exploits 0 · References 1
Prion
added 2020/11/18 6:15 p.m. · 9 views

Authorization

A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

CVSS 5.5 · AI score 8.4 · EPSS 0.00228
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2020/11/18 12:0 a.m. · 1 views

Cisco IoT Field Network Director access control error vulnerability

Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. An access control error vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. An attacker could exploit this vulnerability by sending an API request that changes the...

CVSS 5 · AI score 6 · EPSS 0.00136
Exploits 0 · References 3
Hacker One
added 2018/11/12 12:14 a.m. · 17 views

Uber: Access to SQL server of ubergreen.pt through password disclosure from different domain on same IP

The uber microsite http://ubergreen.pt has an open MYSQL port on 3306. ubergreen.pt itself is hosted on the IP 109.71.41.173. After some research, it was found that this IP also hosts many other domains. As of yesterday 11/10/18, this included the domain apps.etnos.co. This domain existed on the...

AI score 7.1
Exploits 0
Prion
added 2015/07/26 10:59 p.m. · 13 views

Design/Logic Flaw

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

CVSS 5 · AI score 7 · EPSS 0.00242
Exploits 1 · References 8 · Affected Software 4
Cvelist
added 2015/02/11 2:0 a.m. · 15 views

CVE-2015-0070

Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."...

AI score 6.1 · EPSS 0.22283
Exploits 0 · References 3
NVD
added 2012/08/21 11:55 p.m. · 11 views

CVE-2012-4168

Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540...

CVSS 4.3 · AI score 6.3 · EPSS 0.00786
Exploits 0 · References 4
Prion
added 2012/08/21 11:55 p.m. · 13 views

Code injection

Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540...

CVSS 4.3 · AI score 6.9 · EPSS 0.00786
Exploits 0 · References 4 · Affected Software 3