18 matches found
CVE-2024-1522 Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui
A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...
CVE-2020-15182
The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery CSRF and Remote Code Execution RCE. The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially...
The vulnerability of Google Chrome, related to writing beyond the buffer of memory, allows a perpetrator to gain unauthorized access to protected information and compromise its integrity and accessibility.
The vulnerability of Google Chrome relates to the writing beyond the buffer of the memory buffer. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and compromise its integrity and availability through a specially created HTML file...
MS14-018: Description of the security update for Internet Explorer: April 8, 2014
Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative securit...
The vulnerability in Microsoft Edge browsers arises from an operation that goes beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Edge arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...
Apple WebKit Memory Corruption (CVE-2018-4233)
A remote code execution vulnerability exists in Apple WebKit. The vulnerability is due to a memory corruption when handling of objects in javascript JIT. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted js webpage. Successful exploitation...
Cross site request forgery (csrf)
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery CSRF vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...
Microsoft Edge CVE-2017-8504 Information Disclosure Vulnerability
Description Microsoft Edge is prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks...
Microsoft Internet Explorer and Edge CVE-2016-7199 Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in...
Microsoft Teams help & learning
None None...
Microsoft Internet Explorer CVE-2015-1706 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft July 2014 Patch Tuesday fixes 29 IE Vulnerabilities
Microsoft today issued two critical-, three important-, and one moderate-rated security bulletins in the July edition of its monthly Patch Tuesday release. The updates address 29 security vulnerabilities in the company’s Windows operating system, Internet Explorer browser, and server software. Th...
Teracom Modem T2-B-Gawv1.4U10Y-BI Cross Site Request Forgery
Exploit Title: Teracom Modem CSRF Vulnerability Date: 20-04-2014 Author: Rakesh S Software Link: http://www.teracom.in/ Version: T2-B-Gawv1.4U10Y-BI The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a...
Teracom Modem T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery
Exploit Title: Teracom Modem CSRF Vulnerability Date: 20-04-2014 Author: Rakesh S Software Link: http://www.teracom.in/ Version: T2-B-Gawv1.4U10Y-BI The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a...
Microsoft Internet Explorer Null Byte Information Disclosure - Ver2 (CVE-2012-0012)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. A remote attacker could exploit this vulnerability by enticing target users to open a specially crafted webpage. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitiv...
Microsoft Windows InformationCardSigninHelper Class ActiveX Control Code Execution - ver 2 (CVE-2013-3918)
A remote code execution vulnerability exists in the InformationCardSigninHelper Class ActiveX control, icardie.dll. When the InformationCardSigninHelper Class ActiveX control is instantiated in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run...
Multiple Vulnerabilities in KrisonAV CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerability in KrisonAV CMS: CVE-2013-2712 The vulnerability exists due to...
MacroVision InstallShield Update Service isusweb.dll unsafe method
Added: 12/07/2007 CVE: CVE-2007-5660 BID: 26280 OSVDB: 38347 Background MacroVision InstallShield is software for creating installers or software packages. Problem Several unsafe methods in the Update Service ActiveX control allow command execution when a user loads a specially crafted web page...