109 matches found
CVE-2019-20493
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled SEC-520...
Design/Logic Flaw
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled SEC-520...
CVE-2019-20493
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled SEC-520...
CVE-2019-20493
CVE-2019-20493 affects cPanel prior to 82.0.18. The vulnerability is a self‑XSS caused by mishandled JSON string escaping (SEC-520). Exploitation would require user interaction and can originate from a network context, with a CVSS3.1 base score of 6.1 (MEDIUM) and CVSS2 score of 4.3 (MEDIUM) as d...
harwinsglobal.com Improper Access Control vulnerability
Security Researcher error404 Helped patch 520 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting harwinsglobal.com website and its users. Following...
trumaple.ca Cross Site Scripting vulnerability
Security Researcher error404 Helped patch 520 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting trumaple.ca website and its users. Following coordinated a...
Debian DLA-520-1 : horizon security update
It was discovered that there was an XSS vulnerability in horizon, a Django module providing web interaction with OpenStack. For Debian 7 'Wheezy', this issue has been fixed in horizon version 2012.1.1-10+deb7u1. We recommend that you upgrade your horizon packages. NOTE: Tenable Network Security h...
wunderground.com XSS vulnerability
Vulnerable URL: https://www.wunderground.com/blog/nationalsummary/weather-underground-national-forecast-for-friday-april-29%27%22%3E%3CScRiPt%20%3Eprompt%28/OPENBUGBOUNTY/%29%3C/ScRiPt%3E-2016 Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 08:...
F5 Networks BIG-IP : SSH vulnerability (K13600)
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. The following platforms a...
Cisco NX-OS Software Routing Information Protocol Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol RIP service engine of Cisco NX-OS Software could allow an unauthenticated, remote attacker to create a denial of service DoS condition by causing the RIP service engine to restart. The vulnerability is due to improper input filtering of RIP...
F5 BIG-IP remote root authentication bypass Vulnerability
A platform-specific remote root access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a publicly known SSH private key for the root user which is present on all vulnerable appliances. The...
CVE-2012-0364
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495...
CVE-2012-0363
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID...
CVE-2012-0365
Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified...
Command injection
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID...
CVE-2012-0363
Cisco SRP 500 Series Web Interface Command Injection (CVE-2012-0363) affects Cisco SRP 520/540 series devices with specific pre-update firmware. An authenticated user could cause the device to execute arbitrary OS commands via the web interface (command injection) as described in CSCtt46871. Affe...
CVE-2012-0364
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495...
CVE-2012-0363
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID...
CVE-2012-0365
Cisco SRP 500 Series devices (including SRP 521W/526W/527W and SRP 521W-U/526W-U/527W-U; and SRP 541W/546W/547W) with firmware before 1.1.26 (520 series) or before 1.2.4 (520W‑U and 540 series) are affected by CVE-2012-0365. The vulnerability is a directory traversal in the Local TFTP file-upload...
CVE-2012-0364
CVE-2012-0364 affects Cisco Small Business SRP 500 Series devices (SRP 520/520W-U/540) with firmware older than 1.1.26 or 1.2.4, where an unauthenticated remote attacker could upload a configuration file via an unspecified URL, potentially replacing device configurations. The Cisco Security Advis...