CVE-2022-43624
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43624
Affected product: D-Link DIR-1935, firmware version 1.03. The vulnerability (CVE-2022-43624) is a command injection flaw in the web management portal, triggered by parsing subelements inside StaticRouteIPv6List during SetStaticRouteIPv6Settings handling. The issue allows network-adjacent attacker...
Mageia: Security Advisory (MGASA-2020-0339)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : roundcubemail (openSUSE-2020-1516)
This update for roundcubemail fixes the following issues: roundcubemail was upgraded to 1.3.15. This is a security update to the LTS version 1.3. boo1175135 - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content CVE-2020-16145 - Security: Fix cross-site scripting XS...
openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2020:1516-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 32 : roundcubemail (2020-d0f8f20cfc)
RELEASE 1.4.8 - Security: Fix potential XSS issue in HTML editor of the identity signature input 7507 - Managesieve: Fix too-small input field in Elastic when using custom headers 7498 - Fix support for an error as a string in messagebeforesend hook 7475 - Elastic: Fix redundant scrollbar in plai...
Updated roundcubemail packages fix security vulnerabilities
Fix potential XSS issue in HTML editor of the identity signature input. Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145). Fix cross-site scripting (XSS) via HTML messages with malicious math content...
CVE-2020-16145
CVE-2020-16145 affects Roundcube Webmail prior to 1.3.15 and 1.4.8, where a crafted SVG in HTML messages can trigger stored XSS during display. Advisories confirm fixes in 1.3.15 and 1.4.8; remediation is to upgrade to these versions or newer. Occurrence details are supported by OpenSUSE/Tenable/...
[SECURITY] [DSA 4744-1] roundcube security update
Debian Security Advisory DSA-4744-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 12, 2020 https://www.debian.org/security/faq ...
CVE-2019-16145
CVE-2019-16145 affects the padrino-contrib breadcrumbs module (up to version 0.2.0) used with Padrino Framework. The root cause is an XSS in the caption parameter of breadcrumbs.rb that is not properly escaped, allowing script injection. This can enable an attacker to steal session tokens or perf...
Opsview Monitor 5.x Command Execution Vulnerability
Exploit for multiple platform in category web applications Opsview Monitor Multiple Vulnerabilities 1. Advisory Information Title: Opsview Monitor Multiple Vulnerabilities Advisory ID: CORE-2018-0008 Advisory URL: http://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities Dat...
CVE-2018-16145
Opsview Monitor vulnerability CVE-2018-16145 affects the boot-time script /etc/init.d/opsview-reporting-module, which runs with Nagios privileges and can be used to elevate to root after a reboot by editing the /opt/opsview/jasper/bin/db_jasper component. The root cause is that the vulnerable scr...
Multiple Remote Code-Execution Flaws Patched in Opsview Monitor
A slew of vulnerabilities have been disclosed in Opsview Monitor, a proprietary IT monitoring software for networks and applications, which could enable remote code-execution, command-execution and local privilege-escalation. A total of five flaws CVE-2018-16148, CVE-2018-16147, CVE-2018-16146,...
CVE-2017-16145
CVE-2017-16145 describes a directory traversal vulnerability in the sspa server for single-page apps. The issue arises because sspa resolves relative file paths, allowing an attacker to access files outside the intended directory by requests containing sequences like ../../. The impact is potenti...