147 matches found
Remote code execution
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data...
CVE-2020-25268
ILIAS 6.4 is vulnerable to Remote Code Execution via the external news feed due to incorrect parameter sanitization of Magpie RSS data. The issue affects the Magpie RSS data parsing path, enabling an attacker to execute code remotely. CVSS details indicate a high impact (C, I, A high) with networ...
UBUNTU-CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
Absolute News Feed 1.0 - Remote Insecure Cookie Handling Vulnerability
No description provided by source. Discovered by : Hakxer Script : Absolute News Feed http://www.xigla.com/absolutenf/demo.htm Greetz : Allah , All My friend ,www.educ-up.com ------------------------------- Poc : javascript:document.cookie=xlaAFSuser=p=admin; Exploit Go To admin login :...
openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)
This update of opera fixes the following vulnerabilities : - CVE-2010-2576: CVSS v2 Base Score: 6.8 CWE-94: unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 CWE-119: hea...
CVE-2010-3020
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content...
CVE-2010-3020
Opera before 10.61 contains a vulnerability in the news-feed preview where scripts are not properly removed, allowing an attacker to force subscriptions to arbitrary feeds via crafted content. Affected software: Opera browser (pre-10.61). Root cause: improper sanitization/removal of scripts in th...
Opera Browser Multiple Vulnerabilities (Aug 2010) - Windows
Opera Browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : opera -- multiple vulnerabilities (71273c4d-a6ec-11df-8a8d-0008743bf21a)
The Opera Desktop Team reports: - Fixed an issue where heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc. - Fixed an issue where unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven...
opera -- multiple vulnerabilities
The Opera Desktop Team reports: Fixed an issue where heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc. Fixed an issue where unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewi...
News feed preview can subscribe to feeds without interaction
When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed without their consent...
Opera < 10.61 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 10.61. Such versions are potentially affected by the following issues: - A heap overflow when performing painting operations on an HTML5 canvas can result in execution of arbitrary code. (966) - An issue with tab focus is open to an...
News feed preview can subscribe to feeds without interaction – Opera Security Advisories
OPCOM Team | August 12, 2010. Severity: Low. Description: When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user t...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...
CVE-2009-3248
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...
CVE-2009-3248
The CVE-2009-3248 entry describes a CSRF vulnerability in the vtiger CRM 5.0.4 RSS module. The flaw allows remote attackers to hijack the authentication of Admin users by crafting requests to index.php with the rssurl parameter in a Save action, enabling modification of the news feed system. The...