CVE-2018-4445
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2...
CVE-2018-4445
CVE-2018-4445 concerns the Apple Safari/WebKit issue where selecting "Clear History and Website Data" did not clear history. Affects iOS prior to 12.1.1 and Safari before 12.0.2; fixed by Apple in iOS 12.1.1/Safari 12.0.2 with enhanced data deletion. Mitigation is upgrading to the patched version...
Search Autocomplete - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-070
This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc... The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploit...
Weak password vulnerability in NSG 9000-6G
The NSG™ 9000-6G high-density general purpose edgeQAM system is a highly integrated digital video solution for multiplexing request-based video content over IP networks. The NSG 9000-6G suffers from a weak password vulnerability that can be exploited by an attacker to log in to a website and gain...
Override Access Vulnerability in Tianxing Data Integration Service System
Beijing Tianxing Net Security Information Technology Co., Ltd. is an enterprise engaged in the research and development of network security and data exchange technology. There is an override access vulnerability in the Tianxing Data Integration Service System, which can be exploited by attackers ...
Apple Safari Spoofing and Cross-Site Scripting Vulnerabilities (HT208116)
Apple Safari is prone to spoofing and cross-site scripting vulnerabilities.
Fedora 25 : webkitgtk4 (2017-25ffd5b236)
Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...
Fedora 24 : webkitgtk4 (2017-0f38995622)
Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...
Unauthorized Access Vulnerability in Deephaven Jet Mixcall Customer Service System
Ltd. is a company that focuses on the research, development, manufacturing and sales of call centers and converged communication products. Mixcall is one of the company's customer service systems. An unauthorized access vulnerability exists in the SZHJ Mixcall customer service system. Due to a la...
The vulnerability of Safari browser and iOS operating system allows attackers to obtain confidential information.
The vulnerability of the “Clear History and Website Data” function in the Safari browser and the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a local attacker to obtain confidential information...
CVE-2016-1849
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory...
Sensitive Information Leakage Vulnerability in Beijing Melting Point's Video Communication System
Melting Point Netcom Beijing Technology Co., Ltd. is a high-tech company engaged in unified video operation services. The video system is one of the company's systems. A sensitive information disclosure vulnerability exists in the Beijing Melting Point Webcam video system. The vulnerability allow...
Custom Website Data 1.2 - Record Deletion CSRF
The Custom Website Data WordPress plugin was affected by a Record Deletion CSRF security vulnerability...
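WordPress Custom Website Data Plugin Cross-Site Request Forgery Vulnerability
WordPress is a content management system. Because the application allows users to perform certain actions through HTTP requests that are not validated, an attacker can exploit the vulnerability to delete arbitrary records when a logged-in user visits a specially crafted web page. WordPress Custom Website Data Plugin 1.x. Vendor patch: WordPress: version 1.3 of the WordPress Custom Website Data plugin fixes this vulnerability, and users are advised to download and use it: http://wordpress.org/plugins/simple-custom-website-data/changelog...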
JVN#48425028: Flash Player access restriction bypass vulnerability
When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed. Impact...
Links, ELinks smbclient - Remote Command Execution
Links ELinks smbclient - Remote Command Execution source: https://www.securityfocus.com/bid/21082/info Links and ELinks are prone to a remote command-execution vulnerability because the applications fail to properly process website data containing 'smb' commands. An attacker can exploit this issu...