ROS-20221007-05
The Firefox browser vulnerability is related to a bounds error in HTML content processing. Exploitation: The vulnerability could allow a remote attacker to create a customized website, trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system. the victi...
CVE-2022-38709
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
IPFire Cross-Site Scripting Vulnerability
IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in the IPFire WebUI that originates when an administrative user prepares a malicious script and then another administrative user accesses the...
IBM Robotic Process Automation Cross-Site Scripting Vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Robotic Process Automation for Cloud Pak, which stems from the fact that it allows users to embed arbitrary JavaScript code in t...
PT-2022-6214 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation version 21.0.0 Description: The issue is related to errors in the representation of information by the user interface. It could allow a remote attacker to hijack the clicking action of the victim by persuading...
CVE-2022-21936
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...
Velociraptor Version 0.6.6: Multi-Tenant Mode and More Let You Dig Deeper at Scale Like Never Before
Rapid7 is excited to announce the release of version 0.6.6 of Velociraptor – an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. After several months of development and testing, we are excited to share its powerfu...
Johnson Controls Metasys ADX Authorization Issue Vulnerability
Johnson Controls Metasys ADX Server is a data server from Johnson Controls, Inc. An authorization issue vulnerability exists in Johnson Controls Metasys ADX Server version 12.0, which stems from improper access controls in the application and could be exploited by an attacker to cause an AD user ...
The vulnerability of the Mozilla Firefox browser, related to access control deficiencies, allows attackers to modify the user interface.
The vulnerability of the Mozilla Firefox browser is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to modify the user interface remotely...
The vulnerability of the Mozilla Firefox browser, related to improper restriction of the displayed user interface layers, allows attackers to perform spoofing attacks.
The vulnerability of the Mozilla Firefox browser is related to an improper limitation on the visual layers of the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
Vulnerability of Firefox web browsers, Firefox ESR, and Thunderbird email client, related to information representation errors in the user interface, allowing attackers to disclose protected information
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Dapr Dashboard Access Control Error Vulnerability
Dapr Dashboard is a web-based user interface for Dapr that allows users to view information, view logs of running Dapr applications, components, configurations, etc. Dapr Dashboard versions 0.1.0 through 0.10.0 have an access control error vulnerability that stems from the existenc...
KLA19267 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, and spoof the user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Import can be exploited to cause...
CVE-2022-34429
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
The vulnerability of the Thunderbird email client, related to incorrect actions performed by the user interface, allows a hacker to execute arbitrary code.
The vulnerability of the Thunderbird email client is related to incorrect actions performed by the user interface when the com.apple.quarantine attribute is used. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by downloading a malicious email attachment...
CVE-2022-20851
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...
CVE-2022-35722
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381...
IBM Jazz for Service Management Cross-Site Scripting Vulnerability
IBM Jazz for Service Management is an integrated service management product from International Business Machines (IBM) that provides visibility into the service management environment. A cross-site scripting vulnerability exists in IBM Jazz for Service Management that originates from allowing a use...
Cisco IOS XE Software Operating System Command Injection Vulnerability
Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software suffers from an operating system command injection...