This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.Īn issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Firefox MLoadTypedArrayElementHole, an incorrect AliasSet was used. This could have been leveraged to execute arbitrary code. Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. A third-party application (without any permissions) can craft an intent targeting .DialerActivity via the action in conjunction with a tel: URI, thereby placing a phone call. The application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the .DialerActivity component. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |