CVE-2018-1251

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.

Publication date: Fri, 28 Sep 2018 23:29:00 +0000

Cyber News related to CVE-2018-1251

CVE-2018-1000672 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, ...
55 years ago Tenable.com

CVE-2018-0912 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0923 - Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from ...
5 years ago

CVE-2018-0916 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0914 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0921 - Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from ...
5 years ago

CVE-2018-0909 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0911 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0947 - Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0917 - Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from ...
5 years ago

CVE-2018-0910 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0944 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0913 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
5 years ago

CVE-2018-0769 - Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine ...
4 years ago

CVE-2018-0778 - Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID ...
4 years ago

CVE-2018-0773 - Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID ...
4 years ago

CVE-2018-0772 - Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 ...
4 years ago

CVE-2018-0758 - Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine ...
4 years ago

CVE-2018-0781 - Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine ...
4 years ago

CVE-2018-0770 - Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine ...
4 years ago

CVE-2018-0860 - Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption ...
4 years ago

CVE-2018-0857 - Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption ...
4 years ago

CVE-2018-0777 - Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine ...
4 years ago

CVE-2018-0856 - Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from ...
4 years ago

CVE-2018-0834 - Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption ...
4 years ago

Latest Cyber News

Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) To Hack Windows Systems - 6 minutes ago
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API - 33 minutes ago
Have I Been Pwned likely to Ban Resellers - 1 hour ago
Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS - 1 hour ago
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource - 1 hour ago
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques - 2 hours ago
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications - 3 hours ago
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard's Attacks - 4 hours ago
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 6 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 7 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 8 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 8 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 8 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 11 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 11 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 11 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 12 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 13 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 15 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 15 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) To Hack Windows Systems - 6 minutes ago
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API - 33 minutes ago
Have I Been Pwned likely to Ban Resellers - 1 hour ago
Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS - 1 hour ago
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource - 1 hour ago
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques - 2 hours ago
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications - 3 hours ago
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard's Attacks - 4 hours ago
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 6 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 7 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 8 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 8 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 8 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 11 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 11 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 11 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 12 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 13 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 15 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 17 hours ago