Security Bulletin: IBM MQ Light - Improper handling of authentication credentials (CVE-2015-1956)
Summary IBM MQ Light is vulnerable to a denial of service, caused by an improper handling of authentication credentials. By constructing particular byte sequences a remote attacker could cause consumption of all available disk resources. Vulnerability Details CVEID: CVE-2015-1956 DESCRIPTION: IBM...
Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Coach NG framework (CVE-2015-0158)
Summary IBM Business Process Manager Coach NG framework is vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web browser within the...
Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Process Portal (CVE-2015-0105)
Summary IBM Business Process Manager is vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web browser within the security context o...
Security Bulletin: IBM WebSphere Lombardi Edition and IBM Business Process Manager (BPM) cross-site scripting vulnerability in error situations (CVE-2014-0957)
Summary When you invoke a service using a URL, user input can be returned in unhandled service failure situations. Vulnerability Details CVE ID: CVE-2014-0957 DESCRIPTION: IBM WebSphere Lombardi Edition and IBM Business Process Manager are vulnerable to cross-site scripting that is caused by the...
CVE-2018-11690
The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the...
CVE-2018-11688
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...
CVE-2018-11688
CVE-2018-11688 affects Ignite Realtime Openfire prior to 3.9.2. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied input, enabling a remote attacker to craft a URL that, when clicked, executes script in the victim’s browser within the site’s secu...
Joomla 2.4.0 Gridbox Cross Site Scripting
I. VULNERABILITY ------------------------- Gridbox extension for Joomla! alert1 For app parameter: http://localhost:81/bg...
WebSocket Live Chat Cross-Site Scripting Vulnerability
WebSocket Live Chat is an instant messaging script that allows you to create groups and send individual messages. It is suitable for social messaging and live support systems. A cross-site scripting vulnerability exists in WebSocket Live Chat. An attacker could execute arbitrary code in a user's...
Sint Wind PI 01.26.19 Authentication Bypass
Sint Wind PI v01.26.19 Authentication Bypass Vendor: Tonino Tarsi Product web page: https://github.com/ToninoTarsi/swpi Affected version: 01.26.19 Summary: A Meteo Station software for Raspberry PI. Capabilities include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind...
Microsoft Windows 10: Enable computer and user accounts to be trusted for delegation
This policy setting determines which users can set the Trusted for Delegation setting on a user or computer object. Security account delegation provides the ability to connect to multiple servers, and each server change retains the authentication credentials of the original client. Delegation of...
Thycotic Secret Server Remote Desktop Launcher Remote Desktop Launch Vulnerability
Thycotic Secret Server is a suite of password protection software from Thycotic, Inc. Remote Desktop Launcher is one of the remote desktop launchers. A security vulnerability exists in Remote Desktop Launcher in versions of Thycotic Secret Server prior to 8.6.000010, which stems from the program...
CVE-2018-5261
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication...
CVE-2018-5261
Flexense DiskBoss 8.8.16 and earlier has a vulnerability where plaintext data from the handshake is used as input for the encryption key for the rest of the session, allowing a man-in-the-middle to access sensitive information such as authentication credentials. Source reports include NVD and CNV...
PHP < 5.6.33, 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.x < 7.2.1 Multiple Vulnerabilities - Windows
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
WordPress MQ ReLinks 1.8 XSS / Open Redirection
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: MQ ReLinks 1.8. MQ ReLinks is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
CVE-2017-1000431
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials...