pcs Cross-Site Request Forgery Vulnerability
PCS is a set of tools for configuring and managing Pacemaker and Corosync clustering software using the command line and web UI. A cross-site request forgery vulnerability exists in pcs, which can be exploited by remote attackers to perform certain unauthorized actions and access affected...
CVE-2017-3585
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface subsystem). The supported version that is affected is AK 2013. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2017-3337
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via...
Weblate: Clickjacking docs.weblate.org
Hi, Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their...
CVE-2016-6338
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries...
IBM Cognos TM1 Cross-Site Scripting Vulnerability (CNVD-2017-05100)
IBM Cognos TM1 is a suite of enterprise planning software for planning, budgeting, forecasting and analyzing from IBM in the United States. The software quickly analyzes data, models business needs, and collaborates on plans, budgets, and forecasts. A cross-site scripting vulnerability exists in...
IBM Tivoli Application Dependency Discovery Manager Cross-Site Scripting Vulnerability
IBM Tivoli Application Dependency Discovery Manager (TADDM) is a product in a suite of IT service management solutions from IBM USA that provides robust automated application mapping and discovery to help administrators understand the structure, state, configuration and change history of business...
A vulnerability in the Safari browser and the iOS operating system allows a hacker to execute arbitrary code or perform page replacement attacks.
The vulnerability of the WebKit component in the Safari browser and the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or replace the default browser tab by making incorrect references to...
KLA11004 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass...
Oracle GlassFish Server 3.1.2 Multiple Vulnerabilities
Oracle GlassFish Server is prone to multiple vulnerabilities...
CVE-2016-3038
IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614...
A vulnerability in the iOS operating system and the Safari browser allows a hacker to replace the user interface of the FaceTime application.
The vulnerability of the Safari component of the iOS operating system and the Safari browser is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to replace the FaceTime application’s user interface using a specially crafted web page...
KLA11024 Defense-in-Depth Update for Microsoft Office
An unspecified vulnerability was found in the EPS (Encapsulated PostScript) filter in Microsoft Office. By exploiting this vulnerability malicious users can possibly execute arbitrary code. This vulnerability can be exploited remotely via a specially designed website or file. NB: This vulnerability...
KLA11055 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. An incorrect handling of...
Multiple Huawei server information leakage vulnerabilities
Huawei Tecal RH1288 V2 and others are servers from Huawei, a Chinese company. An information disclosure vulnerability exists in several Huawei servers. The vulnerability can be exploited by an attacker to view the session IDs of all online users in the Online Users page of the Web UI...
CVE-2016-3031
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference: 1998887...
CVE-2016-3015
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference: 1998887...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2017-04814)
IBM Rational Quality Manager is a collaborative, Web-based quality management solution. A cross-site scripting vulnerability exists in IBM Rational Quality Manager, which allows an attacker to embed arbitrary JavaScript code into the Web UI, which could change the intended use and result in the...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2017-04812)
IBM Rational Quality Manager is a collaborative, Web-based quality management solution. A cross-site scripting vulnerability exists in IBM Rational Quality Manager, which allows an attacker to embed arbitrary JavaScript code into the Web UI, which could change the intended use and result in the...