25 matches found

NVD
added 2026/03/16 2:17 p.m., 3 views

CVE-2016-20028

ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...

CVSS 5.3, EPSS 0.00008
Exploits: 1, References: 6
CVE
added 2026/03/15 1:35 p.m., 2 views

CVE-2016-20028

CVE-2016-20028 affects ZKTeco ZKBioSecurity 3.0. The issue is a Cross-Site Request Forgery (CSRF) that lets an attacker cause administrative actions by coaxing an authenticated user to visit a malicious page. Attackers can craft HTTP requests that add superadmin accounts without validity checks, po...

CVSS 5.3, AI score 5.7, EPSS 0.00008
Exploits: 1, References: 6
RedHat Linux
added 2025/07/07 2:28 a.m., 2 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A vulnerability was found in WebKitGTK. The flaw exists due to a logic issue when processing HTML content in WebKit. This flaw allows a remote attacker to create a specially crafted web page, trick the victim into visiting it, and prevent the Content Security Policy from being enforced, allowing...

CVSS 6.5, AI score 5.8, EPSS 0.00177
Exploits: 0, References: 5
Snyk
added 2025/06/11 2:48 p.m., 0 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

CVSS 7.5, AI score 8.1, EPSS 0.0028
Exploits: 0, References: 2
Snyk
added 2025/06/11 2:48 p.m., 1 view

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

CVSS 7.5, AI score 8.1, EPSS 0.0028
Exploits: 0, References: 2
OSV
added 2024/09/04 6:37 p.m., 1 view

USN-6990-1 znc vulnerability

Johannes Kuhn DasBrain discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server...

CVSS 9.8, AI score 6.2, EPSS 0.37139
Exploits: 0, References: 2
Veracode
added 2024/06/10 1:58 p.m., 19 views

Improper Restriction Of Rendered UI Layers Or Frames (Clickjacking)

zenml is vulnerable to Improper Restriction of Rendered UI Layers or Frames Clickjacking. The vulnerability is due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers, allowing an attacker to embed the application UI within an iframe on a...

CVSS 6.1, AI score 6.6, EPSS 0.00056
Exploits: 1, References: 3, Affected Software: 1
RedHat Linux
added 2024/01/10 1:29 p.m., 3 views

ipa: Invalid CSRF protection

A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...

CVSS 6.5, AI score 5.8, EPSS 0.00304
Exploits: 0, References: 8
SUSE CVE
added 2023/02/15 6:14 a.m., 1 view

SUSE CVE-2006-3812

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links...

CVSS 2.6, AI score 8.8, EPSS 0.13369
Exploits: 0, References: 4
RedHat Linux
added 2022/01/12 11:59 a.m., 1 view

Mozilla: Missing throttling on external protocol launch dialog

The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...

CVSS 6.5, AI score 7.3, EPSS 0.00426
Exploits: 1, References: 6
Huntr
added 2021/12/14 8:57 a.m., 18 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description CSRF in switching between enable and disable of the following: - Dark/bright - Auto uppercase sentences - Do not scroll to the bottom on chat open - Auto preload previous visitor chat messages - Load previous message on scroll - New messages - New chats - Online - Based on activity -...

CVSS 4.3, AI score 0.3, EPSS 0.00097
Exploits: 1
NVD
added 2021/10/20 4:15 p.m., 9 views

CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attacker could use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

CVSS 4.3, EPSS 0.36406
Exploits: 0, References: 1
NCSC
added 2021/09/16 12:0 a.m., 1 view

Vulnerability fixed in Artifex Ghostscript

Artifex has fixed a vulnerability in Ghostscript. The vulnerability allows an unauthenticated malicious person to execute arbitrary code under the privileges of Ghostscript. To do this, the malicious party must trick the victim into opening a malicious document. Artifex has release...

CVSS 9.9, AI score 7.6, EPSS 0.06493
Exploits: 0
CNNVD
added 2021/08/10 12:0 a.m., 2 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a security vulnerability that exists due to the way Firefox displays permission panels. After requesting multiple permissions and closing the first permission panel, subsequent...

CVSS 6.5, AI score 7.7, EPSS 0.0026
Exploits: 0, References: 19
Prion
added 2019/06/13 4:29 p.m., 7 views

Design/Logic Flaw

There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users into clicking them. Successful exploitation could allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007...

CVSS 4.3, AI score 6, EPSS 0.00126
Exploits: 0, References: 1, Affected Software: 1
CNVD
added 2019/05/23 12:0 a.m., 2 views

Mozilla Firefox has an unspecified vulnerability (CNVD-2019-17484)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 67. An attacker can exploit the vulnerability to spoof pages and trick users into installing malicious extensions...

CVSS 6.5, AI score 8.7, EPSS 0.00203
Exploits: 0, References: 1
CNVD
added 2018/12/12 12:0 a.m., 2 views

Microsoft Excel Information Disclosure Vulnerability (CNVD-2019-02778)

Microsoft Excel is a spreadsheet processing software in the Office suite of Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted document to obtain sensitive information...

CVSS 4.7, AI score 6, EPSS 0.11991
Exploits: 0, References: 1
HackRead
added 2018/11/30 10:18 p.m., 62 views

Indian police & Microsoft busts tech support scam centers

By Uzair Amir You may have watched YouTube videos about tech support scam tricking unsuspecting users into believing that their devices have been compromised with some nasty malware and the only way to get rid of it is to pay the technician for their "services" over the phone or Skype call. This...

AI score 2.8
Exploits: 0
OSV
added 2018/03/05 7:29 p.m., 0 views

CVE-2017-8164

Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171;...

CVSS 3.3, AI score 5.8
Exploits: 0, References: 1
OSV
added 2018/01/29 4:29 p.m., 0 views

CVE-2017-4951

VMware AirWatch Console 9.2.x before 9.2.2 and 9.1.x before 9.1.5 contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices...

CVSS 8.8, AI score 5.8, EPSS 0.0018
Exploits: 0, References: 3