Description In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction…
Description Froxlor instances <= 0.10.22 do not perform validation on user-input passed in the customermail GET parameter. More specifically, the value of this parameter is reflected unsanitized in the response webpage. As a consequence, it was possible to inject arbitrary…
Description Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure. Exploitation The vulnerable endpoint is the following: https://<BASE_URL>/mnt/overlay/dam/gui/content/assets/metadataeditor.external.html The vulnerable parameter is the item…
