SUSE CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

CVE-2019-15260

A vulnerability in Cisco Aironet Access Points APs Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could...

CVE-2018-5112

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...

CVE-2014-9300

CVE-2014-9300 corresponds to a CSRF vulnerability in the cmisbrowser servlet of Alfresco Community Edition prior to 5.0.a. The issue allows remote attackers to hijack user authentication for requests that access unintended URLs and extract user credentials via a URL parameter. Affected component:...

CVE-2014-9300

Cross-site request forgery CSRF vulnerability in the cmisbrowser servlet in Content Management Interoperability Service CMIS in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user...

Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input

Overview There is a vulnerability in an ActiveX control provided by Norton AntiVirus 2004 that could allow an attacker to execute arbitrary programs, launch a browser window containing an unauthorized URL, or cause a denial of service on a vulnerable system. Description Norton AntiVirus 2004 is a...