167 matches found
CVE-2018-8374
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server...
Microsoft Exchange Server Tampering Vulnerability
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...
Authorization
Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3...
CVE-2017-17708
Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3...
Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data
Not just Facebook, a new vulnerability discovered in Linkedin's popular AutoFill functionality found leaking its users' sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites can use to let...
Cisco WebEx Meeting Center Information Disclosure Vulnerability (CNVD-2017-32120)
Cisco Jabber is a cross-device collaboration system from Cisco Cisco. The system provides voice, video, desktop sharing and conferencing. An information disclosure vulnerability exists in the web interface in Cisco Jabber, which stems from the program's lack of input and authentication detection....
CVE-2017-12284
A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanism...
Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns Exploit
Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns CVE-2017-11799 Bailout: "ChakraCoreas background JIT compiler generates highly optimized JITaed code based upon the data and infers likely usage patterns based on the profile...
Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns
Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns CVE-2017-11799 Bailout: "ChakraCoreas background JIT compiler generates highly optimized JITaed code based upon the data and infers likely usage patterns based on the profile data collected by the interpreter. Given the dynam...
Attackers Use Undocumented MS Office Feature to Leak System Profile Data
An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed. The undocumented feature is being used by...
CVE-2016-8504
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile...
CVE-2015-7186
Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...
CVE-2015-7186
Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...
CVE-2015-1562
Multiple cross-site scripting XSS vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 search parameter to admin/usermanagement.php, 2 datasearch parameter to /admin/profiledata.php, or 3 filter parameter to errorlog.php...
CVE-2015-1562
Multiple cross-site scripting XSS vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 search parameter to admin/usermanagement.php, 2 datasearch parameter to /admin/profiledata.php, or 3 filter parameter to errorlog.php...
CVE-2015-1562
Saurus CMS
Private data can be disclosed to other computer users, or be modified by them – Opera Security Advisories
Private data such as cache, password files, and Opera’s configuration files are supposed to be visible only to the user who owns the Opera profile. Opera does not set the profile folder permissions correctly, allowing other computer users to read the sensitive contents of profile files. In some...
CVE-2012-2296
The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability
CVE: CVE-2012-2296 Using Janrain Engage, Drupal sites can authenticate new and existing users with popular social networks, map user profile data from these websites to Drupal fields, and share Drupal content with a user's friends on their social networks. The module permanently retains the...
acroread: critical APSB11-03
Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602...