![]() Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device. Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a.sql file. This is similar to the CVE-2018-8383 issue in Microsoft Edge. Name Description embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type (e.g., VISITLINK, VISITTYPED, VISITBOOKMARK, or VISITHOMEPAGE).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |