94 matches found
Code injection
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images...
CVE-2016-0308
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images...
CVE-2016-0308
CVE-2016-0308 affects IBM Connections 5.5 and earlier. The vulnerability is a link manipulation issue that could cause display of inappropriate background images. According to NVD, this is a network-based issue with low attack complexity and no confidentiality/availability impact, but partial int...
CVE-2016-0308
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images...
rc4 Password Cracking Vulnerability in LOGBASE Ops Security Management System from Sifo-Di
The LOGBASE O&M security management system from Sifo-Di provides O&M security audits for O&M staff. A rc4 password cracking vulnerability exists in the LOGBASE Operations and Maintenance Security Management System from Sifo-Dee. As the system comes with a URL link to decrypt its own "RC4",...
CVE-2016-5305
Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack...
CVE-2016-5305
Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack...
CVE-2016-5305
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 contains multiple DOM-based cross-site scripting vulnerabilities in SEPM management scripts. The issue is triggered by unsanitized input in the DOM link manipulation pathway, allowing remote authenticated users to inject arbitrary we...
Multiple vulnerabilities in Drupal Core File module
Drupal is a free and open source content management system developed in PHP. A file upload bypass and denial of service vulnerability exists in the Drupal Core File module. This allows a malicious user to view, delete or replace a link to a file that the victim has uploaded to a form that has not...
HackerOne: Parameter pollution in social sharing buttons
Hello! For example we have a link https://hackerone.com/blog/introducing-signal-and-impact, and we will change it to https://hackerone.com/blog/introducing-signal-and-impact?&u=https://vk.com/durov. If you send a link to the user and he wants to share a link to facebook, the content will change...
Vulnerability of Firefox and Firefox ESR browsers, which allow hackers to write arbitrary files and increase their privileges
The vulnerability of the Mozilla Maintenance Service component in Firefox and Firefox ESR browsers arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to write arbitrary files locally and increase their privileges by manipulating...
HackerOne: Redirect while opening links in new tabs
Hello HackerOne, I'd like to report to you a nice little bug about opening links in new tabs. When you open a link in a new tab target="blank" , the page that opens in a new tab can access the initial tab and change it's location using the window.opener property. POC:...
CVE-2002-0989
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link...