chromium-browser: Insufficient data validation in WebUI
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...
KLA11927 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in media...
OPENSUSE-SU-2020:1172-1 Security update for opera
This update for opera fixes the following issues: - Update to version 70.0.3728.71 - DNA-86267 Make Recently closed tabs appearance consistent with Search for open tabs. - DNA-86988 Opera 70 translations - DNA-87530 Zen news leads not loading - DNA-87636 Fix displaying folder icon for closed...
UPDATE: Infection Monkey 1.9.0
Infection Monkey 1.9.0, the open source breach and attack simulation tool, was released a few hours ago - just in time for BlackHat/DefCon 2020. My first post about this tool can be found in a post titled the List of Adversary Emulation Tools. Updates include an expanded list of MITRE ATT&CK...
Denial Of Service (DoS)
Firefox is vulnerable to denial of service. When specifying a custom cursor using CSS in an endless loop, the user interface will be perceived to be in a broken state...
VulnCheck KEV: CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work...
Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The...
The vulnerability of the User Interface component of the Oracle Advanced Outbound Telephony application, which allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the User Interface component of the Oracle Advanced Outbound Telephony application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
The vulnerability in the user interface of Google Chrome’s Chromium browser allows a perpetrator to compromise data integrity.
The vulnerability of the Chromium browser’s user interface in Google Chrome is related to the lack of mechanisms for privilege control and access management. Exploiting this vulnerability allows a malicious actor to affect data integrity through a specially created HTML page...
The vulnerability of the User Interface component of the Oracle Financial Services Liquidity Risk Management application allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the User Interface component of the Oracle Financial Services Liquidity Risk Management application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete da...
The vulnerability of the User Interface component of the Oracle Insurance Accounting Analyzer allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the User Interface component of the Oracle Insurance Accounting Analyzer is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protocol...
The vulnerability of the User Interface component of the Oracle Financial Services Loan Loss Forecasting and Provisioning application allows a hacker to gain access to read, modify, add, or delete data.
The vulnerability of the User Interface component of the Oracle Financial Services Loan Loss Forecasting and Provisioning application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability in the user interface of Google Chrome’s Chromium browser allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of Google Chrome’s Chromium user interface is related to errors in the use of standard permissions. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and also cause service interruptions through a specially created...
The vulnerability in the implementation of the WebView user interface of the Chromium browser by Google Chrome allows a perpetrator to compromise data integrity.
The vulnerability of the WebView implementation in the Chromium browser’s user interface is related to a resource management mechanism error. Exploiting this vulnerability allows an attacker to compromise data integrity through a specially created application...
DLInjector-GUI - DLL Injector Graphical User Interface
DLInjector for Graphical User Interface. Faster DLL Injector for processes. It targets the process name to identify the target. The process does not need to be open to define the target. DLInjector waits until the process is executed. USAGE: DLInjector usage is very simple. Firstly, enter the target...
CVE-2020-4525
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2020-4396
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2020-4560
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
TYPO3 Backend User Interface component code issue vulnerability (CNVD-2021-26155)
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. Backend User Interface is one of the backend user interface components. A code issue vulnerability exists in the Backend User Interface component in TYPO3 versions 9.0.0 through...