Lucene search
K

50 matches found

Cisco
Cisco
added 2021/10/20 4:0 p.m.77 views

Cisco Webex Software Application Authorization Bypass Vulnerability

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...

4.3CVSS5.8AI score0.00438EPSS
Exploits0References1
Typo3
Typo3
added 2021/07/20 12:0 a.m.26 views

CSV Code Injection

CSV code injection is an attack scenario, where untrusted user input is written to a CSV file and leads to the execution of code formulas when the file is consumed by an external application e.g. Microsoft Excel or Google Sheets. As a result, this may lead to Data Exfiltration or Remote Code...

8AI score
Exploits0
Mageia
Mageia
added 2021/05/23 1:30 a.m.36 views

Updated libx11 packages fix a security vulnerability

XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...

9.8CVSS4.4AI score0.10634EPSS
Exploits2References4
OSV
OSV
added 2020/07/23 4:23 a.m.3 views

OPENSUSE-SU-2020:1042-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 bsc1173948 MFSA-2020-0003 bmo1644076 X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR Fixed: Security fix Fixed: Fixed an accessibility regression in...

7.1AI score
Exploits0References2
OSV
OSV
added 2020/07/20 11:49 a.m.1 views

SUSE-SU-2020:1958-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 bsc1173948 MFSA-2020-0003 bmo1644076 X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR Fixed: Security fix Fixed: Fixed an accessibility regression in...

7.1AI score
Exploits0References2
Prion
Prion
added 2020/02/10 3:15 p.m.22 views

Cross site scripting

It was found in all keycloak versions before 9.0.0 that links to external applications Application Links in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further...

3.5CVSS6.1AI score0.00758EPSS
Exploits0References1Affected Software2
Hacker One
Hacker One
added 2018/09/29 6:41 a.m.50 views

Brave Software: Field Day With Protocol Handlers

Summary ===================== When launching a protocol such as mailto:, SEARCH:, or bitcoin:, Brave only asks to allow the protocol to be opened by an external application. You can select on whether or not to remember the decision or not and to allow or deny it. The issue is that upon selecting...

7AI score
Exploits0
Prion
Prion
added 2015/06/01 7:59 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the externalformattext function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a...

3.5CVSS5.5AI score0.01459EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2013/07/08 12:0 a.m.32 views

perl Module::Signature privilege escalation

Relative path is used to execute external application...

4.4CVSS3.1AI score0.00557EPSS
Exploits1References1
securityvulns
securityvulns
added 2011/05/05 12:0 a.m.85 views

OpenSSH ssh-keysign information leak

File descriptor for private keys file is not closed on exeternal application execution...

1AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/08/26 12:0 a.m.37 views

FreeBSD : opera -- multiple vulnerabilities (73ec1008-72f0-11dd-874b-0030843d3802)

The Opera Team reports : Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to...

9.3CVSS7.6AI score0.06335EPSS
Exploits0References10
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.25 views

splitvt privilege escalation

Group privileges are not dropped on external application execution...

7.2CVSS3.4AI score0.00346EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2008/01/31 12:0 a.m.34 views

xdg-utils shell characters vulnerability

Shell characteres vulnerability on invoking external application by URI...

6.8CVSS3.3AI score0.03171EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2008/01/08 12:0 a.m.39 views

SynCE shell characters vulnerability

Shell characters vulnerability on external application execution...

4.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2007/11/07 12:0 a.m.23 views

Symantec Norton AntiVirus for Mac privilege escalation

External application is executed by relative path...

3.6AI score
Exploits0References1
securityvulns
securityvulns
added 2007/04/08 12:0 a.m.37 views

SolidWorks ActiveX buffer overflow

Run methods allows to execute external application...

9.3CVSS4.1AI score0.04662EPSS
Exploits0
securityvulns
securityvulns
added 2007/03/30 12:0 a.m.47 views

AIX lsmcode privilege escalation

User's environment variable is used to launch external application...

3.7AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2006/04/24 12:0 a.m.50 views

AIX mklvcopy vulnerability

Insecure external application execution by relative path...

2.9AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2006/02/24 12:0 a.m.37 views

Visnetic AntiVirus Plug-in for MailServer privilege escalation

External application choosen by user is invoked with Local System privileges...

3.3AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/11/23 12:0 a.m.41 views

Firefox / Opera code execution

Command lines arguments can be pasted through URL if Firefox or Opera are invoked from external application in Unix-like systems...

2.9AI score
Exploits0References2Affected Software2
Rows per page
Query Builder