89 matches found
EUVD-2007-3599
Malware in sbrugna...
EUVD-2009-0744
Malware in sbrugna...
EUVD-2024-33673
Malicious code in bioql PyPI...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability (CNVD-2024-37703)
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco. Cisco Identity Services Engine has a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, induce a request, and can perform malicious...
Tabnabbing
passbolt/passboltapi is vulnerable to Tabnabbing. The vulnerability is due to a flaw where a user can create and share a resource with a malicious URI that, when opened by the victim using the "Open URI in a new tab" function, grants the malicious page access to the window.opener object...
Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
Description: A user could create and share a resource with a malicious URI. When the victim opens it with the menu “Open URI in a new tab” function, the malicious page has access to the window.opener object. Impact of issue: The newly opened malicious page can for example change the window.opener.location...
IBM Cognos Analytics Forms Cross-Site Request Forgery Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). A cross-site request forgery vulnerability exists in IBM Cognos Analytics form processing, which can be exploited by a remote attacker to construct a malicious URI, entice a request, and ca...
Schneider Electric Conext ComBox Cross-Site Request Forgery Vulnerability
The Schneider Electric Conext ComBox is a communication and monitoring device from Schneider Electric France. The Schneider Electric Conext ComBox suffers from a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, which induces a reque...
FreeBSD : Spotipy -- Path traversal vulnerability (c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18 advisory. - Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a...
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
Impact - Attacker providing malicious redirect uri can cause DoS to oauthlib's web application. - Attacker can also leverage usage of uri_validate functions depending where it is used. What kind of vulnerability is it? Who is impacted? Oauthlib applications using OAuth2.0 provider support or use...
CVE-2021-22984
On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...
Open Redirection
Cloudfoundry UAA is vulnerable to open redirection. The redirect URI is not properly validated to filter wildcard characters, allowing a remote unauthenticated user to enter a malicious URI to get a UAA access code...
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit
Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software Link: https://uplay.ubi.com/ Version: 63.0.5699.0 Tested on: Windows, Microsoft...
IBM InfoSphere Information Server Cross-Site Request Forgery Vulnerability (CNVD-2018-17155)
IBM InfoSphere Information Server is the information integration platform. A cross-site request forgery vulnerability exists in the IBM InfoSphere Information Server component, which allows remote attackers to exploit the vulnerability to construct malicious URIs, bait a request, and can be used ...
HP StoreOnce Backup System Cross-Site Request Forgery Vulnerability
HP StoreOnce Backup System is a disk-based backup system. A cross-site request forgery vulnerability exists in HP StoreOnce Backup System, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the context of the target user...
Securifi Almond Cross-Site Request Forgery Vulnerability
Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password and suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the context...
Spina CMS 'spina/application_controller.rb' Cross-Site Request Forgery Vulnerability
Spina CMS is an open source content management system based on Rails development. Spina CMS suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform malicious actions...
Drupal Node Template Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. Node Template is a module that uses the structure and data of nodes as a template. A cross-site request forgery vulnerability exists in the Drupal Node Template module that allows a remote attacker to construct a maliciou...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2015-01710)
IBM Rational Quality Manager is a collaborative, Web-based quality management solution. An input validation vulnerability exists in IBM Rational Quality Manager. The vulnerability allows remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain...
Landesk Management Suite 'serverlist_grouptree.aspx' Cross-Site Scripting Vulnerability
Landesk Management Suite is a system management solution. A cross-site scripting vulnerability exists in Landesk Management Suite 'serverlist_grouptree.aspx', which can be exploited by a remote attacker to construct a malicious URI and trick a user into parsing it, which can be used to obtain a...