8024 matches found

OSV
added 2022/01/28 8:15 p.m. · 3 views

CVE-2021-22819

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

CVSS 4.3 · AI score 5.8 · EPSS 0.00651
Exploits: 0 · References: 1

CNNVD
added 2022/01/27 12:0 a.m. · 4 views

Kron Single Connect security vulnerability

Kron Single Connect is a comprehensive Privileged Access Management (PAM) software suite from Kron Turkey. It is designed to create a flexible, centrally managed and layered defense security architecture against insider threats. A security vulnerability exists in Kron Single Connect, which stems fr...

CVSS 7.5 · AI score 5.9 · EPSS 0.00918
Exploits: 0 · References: 2

Positive Technologies
added 2022/01/27 12:0 a.m. · 3 views

PT-2022-12234

Name of the Vulnerable Software and Affected Versions Single Connect affected versions not specified Description The issue arises from the lack of an authorization check in the sc-reports-ui module, allowing a remote attacker to access the device configuration page and export data to an external...

CVSS 8.6 · AI score 7.3 · EPSS 0.01367
Exploits: 0 · References: 7

Kitploit
added 2022/01/26 8:30 p.m. · 24 views

Ninjasworkout - Vulnerable NodeJS Web Application

Damn Vulnerable NodeJS Application. Quick Start: Download the repo, run npm i. After installing all dependencies, just run the application: node app.js or nodemon app.js. ADDED BUGS: Prototype Pollution, NoSQL Injection, Cross-Site Scripting, Broken Access Control, Broken Session Management, Weak Regex...

AI score 8.8
Exploits: 0 · References: 3

RedHat Linux
added 2022/01/26 3:52 p.m. · 3 views

xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

CVSS 8.5 · AI score 7.7 · EPSS 0.04752
Exploits: 1 · References: 5

Positive Technologies
added 2022/01/26 12:0 a.m. · 3 views

PT-2022-4781 · Apple +8 · Macos Monterey +14

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.3 iPadOS versions prior to 15.3 watchOS versions prior to 8.4 tvOS versions prior to 15.3 Safari versions prior to 15.3 macOS Monterey versions prior to 12.2 Description: A logic issue was addressed with improved stat...

CVSS 9.3 · AI score 6.5 · EPSS 0.16342
Exploits: 4 · References: 246

Snyk
added 2022/01/23 3:44 p.m. · 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to no limit on the number of days when requesting stats for the graph, which overloads the system, affecting the Web UI and making it unavailable. Details: Denial of Service (DoS) describes a family of...

CVSS 7.5 · AI score 7 · EPSS 0.05258
Exploits: 1 · References: 2

OSV
added 2022/01/21 9:15 p.m. · 5 views

CVE-2022-22553

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is...

CVSS 9.8 · AI score 7.3 · EPSS 0.01079
Exploits: 0 · References: 1

OSV
added 2022/01/21 9:15 p.m. · 3 views

DEBIAN-CVE-2022-23837

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...

CVSS 7.5 · AI score 7.3 · EPSS 0.05258
Exploits: 1 · References: 1

OSV
added 2022/01/21 9:15 p.m. · 1 views

UBUNTU-CVE-2022-23837

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...

CVSS 7.5 · AI score 7.1 · EPSS 0.05258
Exploits: 1 · References: 5

Kaspersky
added 2022/01/21 12:0 a.m. · 31 views

KLA12433 Security UI vulnerability in Microsoft Browser

Spoofing vulnerability was found in Microsoft Edge for Android. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2022-23258 Related products Microsoft-Edge CVE list CVE-2022-23258 warning KB list Solution Install necessary updates from the KB section...

CVSS 4.3 · AI score 4.6 · EPSS 0.01576
Exploits: 0 · References: 3

CNNVD
added 2022/01/21 12:0 a.m. · 3 views

DELL EMC AppSync security vulnerability

DELL EMC AppSync is a replication data management software from Dell USA Inc. The security vulnerability in DELL EMC AppSync stems from the fact that Dell EMC AppSync versions 3.9 through 4.3 contain an "over-authentication Improper Attempt Limitation" vulnerability, which can be exploited from t...

CVSS 9.8 · AI score 5.7 · EPSS 0.01079
Exploits: 0 · References: 2

NCSC
added 2022/01/21 12:0 a.m. · 2 views

Vulnerabilities fixed in Drupal core

Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting (XSS) vulnerability. Drupal developers have released updates to f...

CVSS 6.5 · AI score 6.9 · EPSS 0.37788
Exploits: 4

ATTACKERKB
added 2022/01/20 11:15 a.m. · 5 views

CVE-2022-22733

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and pri...

CVSS 6.5 · AI score 6.6 · EPSS 0.20902
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2022/01/20 12:0 a.m. · 8 views

PT-2022-15651 · Apache · Apache Shardingsphere Elasticjob-Ui

Name of the Vulnerable Software and Affected Versions: Apache ShardingSphere ElasticJob-UI versions 3.0.0 and prior versions Description: The issue allows an attacker with a guest account to perform privilege escalation due to exposure of sensitive information to an unauthorized actor...

CVSS 6.5 · AI score 7.2 · EPSS 0.20902
Exploits: 1 · References: 8

Cisco
added 2022/01/19 4:0 p.m. · 22 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based...

CVSS 6.1 · AI score 6 · EPSS 0.00572
Exploits: 0 · References: 1

OSV
added 2022/01/19 12:15 p.m. · 3 views

CVE-2022-21381

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications component: WebUI. Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise...

CVSS 6.4 · AI score 6.9 · EPSS 0.0057
Exploits: 0 · References: 1

ATTACKERKB
added 2022/01/19 12:15 p.m. · 4 views

CVE-2022-21381

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications component: WebUI. Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise...

CVSS 6.4 · AI score 6.9 · EPSS 0.0057
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/01/19 11:25 a.m. · 75 views

CVE-2022-21354

CVE-2022-21354 affects Oracle E-Business Suite iStore UI (versions 12.2.3–12.2.11). An unauthenticated attacker can access over HTTP and, with user interaction, may update/insert/delete and read Oracle iStore data. The issue is confirmed by multiple sources (NVD, Red Hat, NCSC) and is listed with...

CVSS 6.1 · AI score 5.8 · EPSS 0.00706
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2022/01/19 12:0 a.m. · 6 views

The vulnerability of the Thunderbird email client’s user interface, as well as the Firefox and Firefox ESR browsers, stems from incorrect restrictions on the number of visible layers or frames. This allows attackers to exploit these incorrect restrictions to perform unauthorized actions.

The vulnerability of the Thunderbird email client’s user interface, as well as the Firefox and Firefox ESR browsers, is related to an incorrect limitation on the number of visible layers or frames, due to a mistake in adjusting the size of the pop-up window when requesting full-screen access...

CVSS 7.8 · AI score 7.3 · EPSS 0.00652
Exploits: 0 · References: 11 · Affected Software: 8