Dp300,te60,tp3106,viewpoint 9030,ecns210 Td,espace 7950,espace Iad,espace U1981 Security Vulnerabilities

Image Builder security, bug fix, and enhancement update

cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release [37-1] - New upstream release [35-1] - New upstream...

Oracle Linux 9 : Image / Builder (ELSA-2022-7950)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7950 advisory. A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a...

WordPress Newspaper < 12 - Cross-Site Scripting

WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized...

Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.....

(RHSA-2022:7950) Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.....

Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.....

Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service.....

Description of the security update for SharePoint Foundation 2013: November 8, 2022 (KB5002303)

Description of the security update for SharePoint Foundation 2013: November 8, 2022 (KB5002303) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002267)

Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002267) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the...

Unauthenticated stored XSS via username & name parameters

There is a stored XSS vulnerability due to improper sanitization of usernames. Vulnerable code User.php line 532: ```php public function isValidLogin(string $login): bool { $login = (string)$login; if (strlen($login) &lt; $this-&gt;loginMinLength || !preg_match($this-&gt;validUsername,...

CVE-2020-36605

Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write....

Design/Logic Flaw

Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write....

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address PoC Run the below command in the developer console of the web browser while being on the blog as an...

WordPress tagDiv Composer plugin < 3.5 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Truoc Phan (Techlab Corporation) in WordPress tagDiv Composer plugin (versions &lt; 3.5). Solution Update the WordPress tagDiv Composer plugin to the latest available version (at least...

Cross-Site Scripting (XSS)

zoneminder is vulnerable to cross-site scripting. The vulnerability is possible by backing out of the current "tr" "td" brackets which allows an attacker to inject and execute code that will execute when a user views the specific log on the "view=log"...

Member Hero <=1.0.9 - Remote Code Execution

WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware,...

MapTool 1.11.5 Cross Site Scripting

...

Stripe Green Downloads 2.03 - Cross Site Web Vulnerability

...

Vicidial 2.14-783a Cross Site Scripting

...

Stripe Green Downloads 2.03 Cross Site Scripting

...

espace-evasion-delmoly.com Cross Site Scripting vulnerability OBB-2998933

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

espace-couture.fr Cross Site Scripting vulnerability OBB-2990906

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284)

Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

...

CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...

CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...