Lucene search
+L

167 matches found

OSV
OSV
added 2018/08/15 5:29 p.m.4 views

CVE-2018-8374

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server...

4.3CVSS5.8AI score0.03024EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.28 views

Microsoft Exchange Server Tampering Vulnerability

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected...

4.3CVSS2AI score0.03024EPSS
Exploits0
Prion
Prion
added 2018/07/31 2:29 p.m.21 views

Authorization

Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3...

4CVSS4.6AI score0.00584EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/07/31 2:29 p.m.7 views

CVE-2017-17708

Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3...

4.3CVSS5.8AI score0.00584EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2018/04/21 1:59 p.m.4 views

Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

Not just Facebook, a new vulnerability discovered in Linkedin's popular AutoFill functionality found leaking its users' sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites can use to let...

6.6AI score
Exploits0
CNVD
CNVD
added 2017/10/20 12:0 a.m.4 views

Cisco WebEx Meeting Center Information Disclosure Vulnerability (CNVD-2017-32120)

Cisco Jabber is a cross-device collaboration system from Cisco Cisco. The system provides voice, video, desktop sharing and conferencing. An information disclosure vulnerability exists in the web interface in Cisco Jabber, which stems from the program's lack of input and authentication detection....

5.5CVSS5.3AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2017/10/19 8:29 a.m.5 views

CVE-2017-12284

A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanism...

5.5CVSS5.8AI score0.00357EPSS
Exploits0References3
0day.today
0day.today
added 2017/10/15 12:0 a.m.75 views

Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns CVE-2017-11799 Bailout: "ChakraCoreas background JIT compiler generates highly optimized JITaed code based upon the data and infers likely usage patterns based on the profile...

7.6CVSS7.8AI score0.63675EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/10/14 12:0 a.m.80 views

Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns

Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns CVE-2017-11799 Bailout: "ChakraCoreas background JIT compiler generates highly optimized JITaed code based upon the data and infers likely usage patterns based on the profile data collected by the interpreter. Given the dynam...

7.9AI score0.63675EPSS
Exploits3
ThreatPost
ThreatPost
added 2017/09/18 4:33 p.m.11 views

Attackers Use Undocumented MS Office Feature to Leak System Profile Data

An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed. The undocumented feature is being used by...

Exploits0References1
OSV
OSV
added 2016/10/26 6:59 p.m.3 views

CVE-2016-8504

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile...

4.3CVSS5.8AI score0.00562EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2015/11/05 5:59 a.m.20 views

CVE-2015-7186

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...

4.3CVSS7.2AI score0.01532EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/11/05 2:0 a.m.33 views

CVE-2015-7186

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...

9AI score0.01532EPSS
Exploits0References5
NVD
NVD
added 2015/02/09 11:59 a.m.19 views

CVE-2015-1562

Multiple cross-site scripting XSS vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 search parameter to admin/usermanagement.php, 2 datasearch parameter to /admin/profiledata.php, or 3 filter parameter to errorlog.php...

4.3CVSS5.8AI score0.01862EPSS
Exploits1References5
Cvelist
Cvelist
added 2015/02/09 11:0 a.m.20 views

CVE-2015-1562

Multiple cross-site scripting XSS vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 search parameter to admin/usermanagement.php, 2 datasearch parameter to /admin/profiledata.php, or 3 filter parameter to errorlog.php...

5.8AI score0.01862EPSS
Exploits1References5
CVE
CVE
added 2015/02/09 11:0 a.m.53 views

CVE-2015-1562

Saurus CMS

4.3CVSS5.9AI score0.01862EPSS
Exploits1References5Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2012/12/17 12:0 a.m.9 views

Private data can be disclosed to other computer users, or be modified by them – Opera Security Advisories

Private data such as cache, password files, and Opera’s configuration files are supposed to be visible only to the user who owns the Opera profile. Opera does not set the profile folder permissions correctly, allowing other computer users to read the sensitive contents of profile files. In some...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2012/07/25 9:0 p.m.25 views

CVE-2012-2296

The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...

6.2AI score0.01563EPSS
Exploits0References7
Drupal
Drupal
added 2012/04/04 12:0 a.m.24 views

SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability

CVE: CVE-2012-2296 Using Janrain Engage, Drupal sites can authenticate new and existing users with popular social networks, map user profile data from these websites to Drupal fields, and share Drupal content with a user's friends on their social networks. The module permanently retains the...

5CVSS5.8AI score0.01563EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2011/02/23 9:16 p.m.8 views

acroread: critical APSB11-03

Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602...

9.3CVSS6.3AI score0.09839EPSS
Exploits0References4
Rows per page
Query Builder