5836 matches found
WordPress Count per Day Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Count per Day is a plugin that counts the number of visitors to a web page. A cross-site scripting vulnerability exists in...
MyBB Cross-Site Scripting Vulnerability (CNVD-2019-18514)
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB versions prior to 1.8.21. The vulnerability stems...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2019-19316)
IBM Connections is a suite of social software platforms from IBM USA. The platform provides advanced analytics and real-time data monitoring capabilities and can accelerate web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting vulnerability...
CloudBees Jenkins ElectricFlow Plugin Cross-Site Scripting Vulnerability (CNVD-2019-22636)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. ElectricFlow Plugin is used in one of the...
CVE-2019-3413
All versions up to V20.18.40.R7.B1 of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in web applications, which results in users being hijacked...
Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
X-Cart Cross-Site Scripting Vulnerability (CNVD-2019-17133)
X-Cart is an open source e-commerce platform. A cross-site scripting vulnerability exists in X-Cart version V5. The vulnerability stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
Ruby Chartkick gem cross-site scripting vulnerability
Ruby Chartkick gem is a Ruby-based package for creating JavaScript charts. A cross-site scripting vulnerability exists in Ruby Chartkick gem version 3.1.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
CVE-2019-5834
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
CVE-2019-5839
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL...
Carel pCOWeb Cross-Site Scripting Vulnerability
Carel pCOWeb is a programmable control card. A cross-site scripting vulnerability exists in Carel pCOWeb versions prior to B1.2.4. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit the vulnerability to execute client-side...
Django Cross-Site Scripting Vulnerability (CNVD-2019-16528)
Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, a view system, a template system and so on. A cross-site scripting vulnerability exists in Django versions 1.11 before 1.11.21, 2.1 before...
Exim Remote Code Execution Vulnerability
Exim is an open source message transfer agent (MTA) that runs on Unix systems and routes, forwards and delivers mail. A remote code execution vulnerability exists in Exim. The vulnerability stems from a network system or product that does not properly validate incoming data. An attacker could exploit this...
Ivanti LANDESK Management Suite Open Directory Vulnerability
Ivanti LANDESK Management Suite (LDMS) is a suite of endpoint security management software from Ivanti, USA. An open directory vulnerability exists in Ivanti LDMS version 10.0.1.168 Service Update 5. The vulnerability originates from a network system or product that does not properly validate...
CVE-2019-6749
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...