7973 matches found
AXIS Communications - Cross-Site Scripting / Content Injection
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
Mozilla Firefox Denial of Service Vulnerability (CNVD-2017-04191)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A denial of service vulnerability exists in Mozilla Firefox, which can be exploited by an attacker to repeatedly trigger a...
SAP GUI Remote Code Execution Vulnerability
SAP GUI is a graphical user interface client from SAP, Germany. A remote code execution vulnerability exists in SAP GUI. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected program...
[SECURITY] Fedora 25 Update: qbittorrent-3.3.11-1.fc25
A Bittorrent client using rb_libtorrent and a Qt4 Graphical User Interface. It aims to be as fast as possible and to provide multi-OS, Unicode support...
flash-plugin: multiple code execution issues fixed in APSB17-07
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution...
IBM Rational Rhapsody Design Manager Cross-Site Scripting Vulnerability
IBM Rational Rhapsody Design Manager is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models as well as automated software design reviews. A cross-site...
CVE-2017-3003
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution...
Design/Logic Flaw
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution...
PT-2017-1463 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 24.0.0.221 and earlier Description: The issue is related to an interaction between the privacy user interface and the ActionScript 2 Camera object, which leads to a use after free vulnerability. This vulnerability...
CVE-2016-9006
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : C1000264...
CVE-2017-0492
An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation o...
USN-3216-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the address bar, spoof the print dialog, cause a denial of...
CVE-2017-1133
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1999534...
CVE-2016-9723
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1999534...
UBUNTU-CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
DEBIAN-CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
PT-2017-17116 · Bittorrent +1 · Qbittorrent +1
Name of the Vulnerable Software and Affected Versions: qBittorrent versions prior to 3.3.11 qBittorrent versions prior to the version released in October 2024 Description: The issue concerns a lack of proper escaping of values in the WebUI, potentially leading to XSS attacks. Additionally, there...
A vulnerability in the Google Chrome browser allows an attacker to access certain elements of the user interface.
A vulnerability in the Blink component of Google Chrome stems from a failure to prevent certain user interface elements from being displayed on invisible pages. Exploiting this vulnerability allows a malicious actor to view certain unregulated user interface elements using a specially craft...