50 matches found
Cisco Webex Software Application Authorization Bypass Vulnerability
A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...
CSV Code Injection
CSV code injection is an attack scenario, where untrusted user input is written to a CSV file and leads to the execution of code formulas when the file is consumed by an external application e.g. Microsoft Excel or Google Sheets. As a result, this may lead to Data Exfiltration or Remote Code...
Updated libx11 packages fix a security vulnerability
XLookupColor and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application for instance a color name that can be emitted via a terminal control sequence it can lead to the emission of extra X protoc...
OPENSUSE-SU-2020:1042-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 bsc1173948 MFSA-2020-0003 bmo1644076 X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR Fixed: Security fix Fixed: Fixed an accessibility regression in...
SUSE-SU-2020:1958-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 bsc1173948 MFSA-2020-0003 bmo1644076 X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR Fixed: Security fix Fixed: Fixed an accessibility regression in...
Cross site scripting
It was found in all keycloak versions before 9.0.0 that links to external applications Application Links in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further...
Brave Software: Field Day With Protocol Handlers
Summary ===================== When launching a protocol such as mailto:, SEARCH:, or bitcoin:, Brave only asks to allow the protocol to be opened by an external application. You can select on whether or not to remember the decision or not and to allow or deny it. The issue is that upon selecting...
Cross site scripting
Cross-site scripting XSS vulnerability in the externalformattext function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a...
perl Module::Signature privilege escalation
Relative path is used to execute external application...
OpenSSH ssh-keysign information leak
File descriptor for private keys file is not closed on exeternal application execution...
FreeBSD : opera -- multiple vulnerabilities (73ec1008-72f0-11dd-874b-0030843d3802)
The Opera Team reports : Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to...
splitvt privilege escalation
Group privileges are not dropped on external application execution...
xdg-utils shell characters vulnerability
Shell characteres vulnerability on invoking external application by URI...
SynCE shell characters vulnerability
Shell characters vulnerability on external application execution...
Symantec Norton AntiVirus for Mac privilege escalation
External application is executed by relative path...
SolidWorks ActiveX buffer overflow
Run methods allows to execute external application...
AIX lsmcode privilege escalation
User's environment variable is used to launch external application...
AIX mklvcopy vulnerability
Insecure external application execution by relative path...
Visnetic AntiVirus Plug-in for MailServer privilege escalation
External application choosen by user is invoked with Local System privileges...
Firefox / Opera code execution
Command lines arguments can be pasted through URL if Firefox or Opera are invoked from external application in Unix-like systems...