
22 matches found

Saint
added 2026/02/02 12:0 a.m. · 107 views

Ivanti EPMM remote code execution

Added: 02/02/2026 CVE: CVE-2026-1281 Background Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management (UEM) tool. Problem A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sendi...

CVSS 9.8 · AI score 5.9 · EPSS 0.81586
Exploits 6
Github Security Blog
added 2023/01/05 9:30 a.m. · 25 views

LdapCherry Cross-site Scripting vulnerability

A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address...

CVSS 6.1 · AI score 2.4 · EPSS 0.00289
Exploits 0 · References 8 · Affected Software 1
NVD
added 2023/01/05 8:15 a.m. · 6 views

CVE-2019-25095

A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address...

CVSS 6.1 · AI score 4.4 · EPSS 0.00289
Exploits 0 · References 5
Prion
added 2023/01/05 8:15 a.m. · 11 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address...

CVSS 5.8 · AI score 6 · EPSS 0.00289
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2023/01/05 12:0 a.m. · 2 views

PT-2023-11353 · Unknown · Ldapcherry

Name of the Vulnerable Software and Affected Versions: kakwa LdapCherry versions up to 0.x Description: A problematic issue was found in the URL Handler component, leading to cross site scripting. The attack can be launched remotely, affecting an unknown function. Recommendations: For versions up...

CVSS 6.1 · AI score 6.6 · EPSS 0.00289
Exploits 0 · References 11
OSV
added 2022/12/31 8:15 p.m. · 14 views

CVE-2017-20160

A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0...

CVSS 9.8 · AI score 9.6
Exploits 0 · References 5
NVD
added 2022/12/31 11:15 a.m. · 8 views

CVE-2017-20159

A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgradin...

CVSS 6.1 · EPSS 0.00434
Exploits 0 · References 4
Github Security Blog
added 2022/05/14 2:46 a.m. · 28 views

Improper Input Validation in Apache Qpid AMQP 0-x JMS

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

CVSS 7.5 · AI score 2.7 · EPSS 0.02129
Exploits 0 · References 6 · Affected Software 1
NVD
added 2016/07/13 3:59 p.m. · 21 views

CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

CVSS 7.5 · AI score 7.5 · EPSS 0.02129
Exploits 0 · References 7
Cvelist
added 2016/07/13 3:0 p.m. · 24 views

CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

AI score 7.5 · EPSS 0.02129
Exploits 0 · References 7
seebug.org
added 2014/07/01 12:0 a.m. · 13 views

PHP-post Web Forum 0.x.1.0 profile.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/20061/info PHP-Post is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 13 views

HotNews 0.x config[incdir] Parameter Remote File Inclusion

No description provided by source...

AI score 7.1
Exploits 0
securityvulns
added 2012/12/10 12:0 a.m. · 306 views

BF and FPD vulnerabilities in MODx

Hello 3APA3A! I want to warn you about security vulnerabilities in MODx. This is the first part of the vulnerabilities in this CMS the first 19 vulnerabilities. These are Brute Force and Full path disclosure vulnerabilities in MODx. It's about 0.x and 1.x Evolution versions of MODx CMS. In 2.x...

Exploits 0
Tenable Nessus
added 2012/08/02 12:0 a.m. · 51 views

nginx on Windows Directory Aliases Access Restriction Bypass

According to its Server response header, the installed version of nginx is 0.x greater than or equal to 0.7.52 or 1.x earlier than 1.2.1 / 1.3.1 and is, therefore, affected by an access restriction bypass vulnerability. By using a request with a specially crafted directory name, such as...

CVSS 5 · AI score 5.5 · EPSS 0.0031
Exploits 1 · References 3
Prion
added 2009/10/21 5:30 p.m. · 19 views

Integer overflow

Integer overflow in the createsurfacefromthumbnaildata function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of the...

CVSS 9.3 · AI score 8.3 · EPSS 0.06855
Exploits 1 · References 19 · Affected Software 1
Debian CVE
added 2009/10/21 5:0 p.m. · 36 views

CVE-2009-3607

Integer overflow in the createsurfacefromthumbnaildata function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of the...

CVSS 9.3 · AI score 8.1 · EPSS 0.06855
Exploits 1
Positive Technologies
added 2008/04/23 12:0 a.m. · 3 views

PT-2008-3425 · Digium +1 · Appliance Developer Kit +4

Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.0.x through 1.2.27 and versions 1.4.x through 1.4.18 Asterisk Business Edition versions A.x.x through B.2.5.1 and versions C.x.x through C.1.8.0 AsteriskNOW versions prior to 1.0.3 Appliance Developer Kit...

CVSS 4.3 · AI score 6.3 · EPSS 0.03049
Exploits 1 · References 31
securityvulns
added 2006/03/03 12:0 a.m. · 36 views

[SA19095] Oreka RTP Handling Denial of Service Vulnerability

TITLE: Oreka RTP Handling Denial of Service Vulnerability SECUNIA ADVISORY ID: SA19095 VERIFY ADVISORY: http://secunia.com/advisories/19095/ CRITICAL: Less critical IMPACT: DoS WHERE: From local network SOFTWARE: Oreka 0.x http://secunia.com/product/8523/ DESCRIPTION: A vulnerability has been...

AI score 0.5
Exploits 0
securityvulns
added 2005/11/28 12:0 a.m. · 29 views

[SA17774] unalz Filename Handling Buffer Overflow Vulnerability

TITLE: unalz Filename Handling Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA17774 VERIFY ADVISORY: http://secunia.com/advisories/17774/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: unalz 0.x http://secunia.com/product/6230/ DESCRIPTION: Ulf Harnhammar h...

AI score 0.8
Exploits 0
securityvulns
added 2005/10/01 12:0 a.m. · 27 views

[SA16975] sblim-sfcb Multiple Requests Denial of Service Vulnerability

TITLE: sblim-sfcb Multiple Requests Denial of Service Vulnerability SECUNIA ADVISORY ID: SA16975 VERIFY ADVISORY: http://secunia.com/advisories/16975/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: sblim-sfcb 0.x http://secunia.com/product/5777/ DESCRIPTION: A vulnerability has...

AI score 0.4
Exploits 0