CVE-2017-2578

In Moodle 3.x, there is XSS in the assignment submission page...

CVE-2017-2578

In Moodle 3.x, there is XSS in the assignment submission page...

CVE-2017-2578

In Moodle 3.x, there is XSS in the assignment submission page...

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-17-0001: System file inclusion when adding own preset file in Boost theme MSA-17-0002: Incorrect sanitation of attributes in forums MSA-17-0003: PHPMailer vulnerability in no-reply address MSA-17-0004: XSS in assignment submission page...

Rockwell Automation MicroLogix 1100 and 1400 Vulnerabilities

OVERVIEW This advisory was originally posted to the NCCIC Portal library on December 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Alexey Osipov and Ilya Karpov of Positive Technologies have identified vulnerabilities in Rockwell Automation’s Allen-Bradley MicroLogix 1100 and 140...

TP-LINK TDDP Buffer Overflow / Missing Authentication

Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode: User...

Relevanssi Premium 1.14.4 Code Execution Vulnerability

An unserialization vulnerability in Relevanssi Premium version 1.14.4 could allow for code execution. Details ================ Software: Relevanssi Premium Version: v1.14.4 Homepage: https://www.relevanssi.com/ Advisory report:...

CVE-2016-1598

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages...

CVE-2016-1598

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages...

Code injection

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages...

CVE-2016-1598

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages...

The vulnerability of the Linux operating system’s kernel allows a hacker to trigger a service failure or cause other adverse effects.

The vulnerability in the drivers/media/platform/msm/broadcast/tsc.c file of the Linux operating system’s TSC driver is related to pointer assignment errors. Exploiting this vulnerability could allow a remote attacker to trigger a service failure or cause other effects through a specially created...

Airmail 3.0.2 Cross Site Scripting

Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, [email protected] Date: 2016-08-15 Version: 3.0.2 and earlier Platform: OS X and iOS Site: http://airmailapp.com/...

IBM QRadar SIEM Incorrect Privilege Assignment Local Elevation of Privilege Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM...

Drupal 7.x < 7.44 / 8.1.x < 8.1.3 User Module Account Saving Improper Role Assignment Remote Issue

Binary data 9399.prm...

The vulnerability of the Cisco IOS operating system, which allows a intruder to trigger a service failure

The vulnerability of the Cisco IOS operating system is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger a service failure pointer assignment to zero through a specially crafted SNMP request...

FRticket Ticket System - Persistent Cross-Site Scripting

Exploit for php platform in category web applications Exploit Title: FRticket - Ticket System - Stored XSS Google Dork: if applicable Date: 11.06.2016 Exploit Author: Hamit ABİŞ Vendor Homepage: http://codecanyon.net/item/frticket-ticket-system/16539836 Version: v1 About Get the world’s most...

FRticket Ticket System 1 Cross Site Scripting

Exploit Title: FRticket - Ticket System - Stored XSS Google Dork: if applicable Date: 11.06.2016 Exploit Author: Hamit ABİŞ Vendor Homepage: http://codecanyon.net/item/frticket-ticket-system/16539836 Version: v1 About Get the world’s most popular customer support ticket system. FRticket is...

FRticket Ticket System - Persistent Cross-Site Scripting

Exploit Title: FRticket - Ticket System - Stored XSS Google Dork: if applicable Date: 11.06.2016 Exploit Author: Hamit ABİŞ Vendor Homepage: http://codecanyon.net/item/frticket-ticket-system/16539836 Version: v1 About Get the world’s most popular customer support ticket system. FRticket is...

CVE-2016-2157

Cross-site request forgery CSRF vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...