5836 matches found

CNVD
added 2019/10/11 12:0 a.m. · 4 views

Magento cross-site scripting vulnerability (CNVD-2019-34461)

Magento is an open source PHP e-commerce system of the United States Magento company. The system provides rights management, search engines, payment gateways and other functions. Magento cross-site scripting vulnerability, the vulnerability stems from the lack of WEB applications on the...

CVSS 5.4 · AI score 6.7 · EPSS 0.00556
Exploits: 0 · References: 1

CNVD
added 2019/10/11 12:0 a.m. · 2 views

WordPress animate-it plugin cross-site scripting vulnerability (CNVD-2019-34454)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. animate-it is a plugin used to add CSS3 animations to web pages. A cross-site scripting vulnerability exists in WordPress animate-it...

CVSS 6.1 · AI score 6.2 · EPSS 0.00941
Exploits: 0 · References: 1

CNVD
added 2019/10/11 12:0 a.m. · 2 views

noVNC Cross-Site Scripting Vulnerability

noVNC is an HTML VNC Virtual Network Computing client library. A cross-site scripting vulnerability exists in versions of noVNC prior to 0.6.2. The vulnerability stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to...

CVSS 6.1 · AI score 6.3 · EPSS 0.0481
Exploits: 1 · References: 1

Zero Day Initiative
added 2019/10/10 12:0 a.m. · 33 views

Microsoft Windows user32 Cursor Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3 · AI score 3 · EPSS 0.0645
Exploits: 0 · References: 1

CNVD
added 2019/10/10 12:0 a.m. · 2 views

Jiangnan Online Judge Cross-Site Scripting Vulnerability

Jiangnan Online Judge is an online evaluation system for computer programming. The system is mainly used for compiling and executing the source code submitted by users and checking the correctness of the program source code. A cross-site scripting vulnerability exists in Jiangnan Online Judge...

CVSS 6.1 · AI score 6.6 · EPSS 0.01068
Exploits: 1 · References: 1

CNVD
added 2019/10/08 12:0 a.m. · 5 views

WordPress altos-connect plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. altos-connect is one of the plugins used in it. A cross-site scripting vulnerability exists in version 1.3.0 of the WordPress...

CVSS 6.1 · AI score 6.2 · EPSS 0.01103
Exploits: 2 · References: 1

Qualys Blog
added 2019/10/07 2:0 p.m. · 175 views

Enhanced API Scanning with Postman Support in Qualys WAS

Due to the fast-growing usage of REST APIs, having a way to test them for vulnerabilities in an automated, reliable way is more important than ever. Automated testing of APIs is a little trickier than for web applications. You can't simply enter a starting URL for the scanner and click "Go"...

AI score 7.3
Exploits: 0

Prion
added 2019/10/03 10:15 p.m. · 17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 · AI score 7.7 · EPSS 0.03886
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2019/10/03 10:15 p.m. · 17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS 6.8 · AI score 7.8 · EPSS 0.05506
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2019/10/03 10:15 p.m. · 19 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 · AI score 7.7 · EPSS 0.03852
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2019/10/03 9:28 p.m. · 19 views

CVE-2019-13323

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 7.8 · EPSS 0.03852
Exploits: 0 · References: 2

Cvelist
added 2019/10/03 9:28 p.m. · 36 views

CVE-2019-13325

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 7.7 · EPSS 0.03886
Exploits: 0 · References: 2

OSV
added 2019/10/02 7:15 p.m. · 3 views

CVE-2019-12673

A vulnerability in the FTP inspection engine of Cisco Adaptive Security ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient validatio...

CVSS 7.5 · AI score 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2019/10/02 12:0 a.m. · 5 views

PT-2019-3392 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the FTP inspection engine could allow an unauthenticated, remote...

CVSS 8.6 · AI score 8.1 · EPSS 0.01772
Exploits: 0 · References: 6

CNVD
added 2019/09/29 12:0 a.m. · 1 views

Flower Cross-Site Scripting Vulnerability

Flower is a web-based tool for monitoring and managing Celery clusters. A cross-site scripting vulnerability exists in Flower version 0.9.3, which stems from a lack of proper validation of client-side data by the WEB application and can be exploited by an attacker to execute client-side code...

CVSS 6.1 · AI score 6.4 · EPSS 0.00818
Exploits: 1 · References: 1

CNVD
added 2019/09/20 12:0 a.m. · 4 views

formcraft3 plugin for WordPress cross-site scripting vulnerability

formcraft3 plugin for WordPress is a drag and drop form builder plugin for use in WordPress. A cross-site scripting vulnerability exists in formcraft3 plugin for WordPress versions prior to 3.4. The vulnerability stems from the WEB application failing to properly validate client-side data. An...

CVSS 5.4 · AI score 6.2 · EPSS 0.00696
Exploits: 1 · References: 1

Zero Day Initiative
added 2019/09/17 12:0 a.m. · 30 views

Foxit Studio Photo EPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.8 · AI score 3.7 · EPSS 0.03886
Exploits: 0 · References: 1

CNVD
added 2019/09/17 12:0 a.m. · 2 views

WordPress quotes-collection plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress quotes-collection plugin versions prior to 2.0.6. The...

CVSS 6.1 · AI score 6.3 · EPSS 0.01392
Exploits: 1 · References: 1

CNVD
added 2019/09/12 12:0 a.m. · 1 views

py-lmdb buffer overflow vulnerability (CNVD-2019-39380)

py-lmdb is an LMDB an embedded transactional database for Python. A buffer overflow vulnerability exists in py-lmdb version 0.97. The vulnerability stems from a networked system or product that performs operations in memory without properly validating data boundaries, resulting in incorrect read...

CVSS 9.8 · AI score 7.4 · EPSS 0.01963
Exploits: 1 · References: 1

Zero Day Initiative
added 2019/09/11 12:0 a.m. · 31 views

Microsoft Windows user32 Cursor Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 · AI score 3 · EPSS 0.0151
Exploits: 0 · References: 1