2341 matches found
Arbitrary file download vulnerability in the downmaterial function on the YxtCMF CourseController.class.ph page
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. An arbitrary file download vulnerability exists in the YxtCMF CourseController.class.ph page downmaterial function. Allows an attacker to exploit the vulnerability t...
YxtCMF v3.1.0 SQL Injection Vulnerability in 'ty_id' Parameter
YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF v3.1.0 SQL injection vulnerability exists in the 'tyid' parameter. An attacker can exploit this vulnerability to obtain sensitive information from the databas...
Logic Design Vulnerability in ECS Online Learning System v3.1.0
E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. E-learning system v3.1.0 has a logical design vulnerability that can be exploited by attackers to reset any user's password and obtain sensitive user information...
Important: aws-cfn-bootstrap
Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory (CVE-2017-9450). Affected Packages: aws-cfn-bootstrap. Issue...
e107 v2 Bootstrap CMS - CSRF Web Vulnerability
Document Title: e107 v2 Bootstrap CMS - CSRF Web Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2083. Release Date: 2017-07-05. Vulnerability Laboratory ID (VL-ID): 2083. Commo...
e107 v2 Bootstrap CMS - Cross Site Scripting Vulnerability
Document Title: e107 v2 Bootstrap CMS - Cross Site Scripting Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2082. Release Date: 2017-07-03. Vulnerability Laboratory ID (VL-ID): ...
Drupal Bootstrap Module Information Disclosure Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An information disclosure vulnerability exists in the Drupal Bootstrap module. An attacker can exploit this vulnerability to obtain sensitive information leading to furthe...
Bootstrap - Critical - Information Disclosure - SA-CONTRIB-2017-048
This theme enables you to bridge the gap between the Bootstrap Framework and Drupal. The theme does not sufficiently exclude the submitted password value when an incorrect value has been submitted. Versions affected: bootstrap 8.x-3.x versions prior to 8.x-3.5. Drupal core is not affected. If you d...
Cross-site Scripting (XSS)
bootstrap is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because the data-target attribute uses user-supplied input which is then interpreted directly using standard HTML entities encoding...
Sybil Attacks
github.com/nebulouslabs/sia is vulnerable to sybil attacks. The attacks can be easily triggered because it does not prevent multiple connections from the same IP address. When bootstrap nodes are "full" i.e., 128 connections, it does not accept any new peers without disconnecting its current peer...
java-1.8.0-openjdk security update
1:1.8.0.121-0.b13 - Update to aarch64-jdk8u121-b13. - Update PR1834/RH1022017 fix to reduce curves reported by SSL to apply against u121. - Re-generate RH1393047 ObjectInputStream patch against u121. - Resolves: rhbz1410612 1:1.8.0.112-0.b16 - Update to aarch64-jdk8u112-b16. - Drop upstreamed...
e107 2.1.2 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications. e107 Content Management System (CMS) - Multiple Issues. Affected Versions: e107 2.1.2 Bootstrap CMS. Issue Overview: Vulnerability Type: Multiple Vulnerabilities. Technical Risk: medium. Likelihood of Exploitation:...
java-1.7.0-openjdk security update
1:1.7.0.121-2.6.8.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.121-2.6.8.0 - Turn off HotSpot bootstrap to see if it resolves build issues. - Resolves: rhbz1381990 1:1.7.0.121-2.6.8.0 - Bump to 2.6.8 and u121b00. - Drop patches S7081817, S8140344, S8145017 and S8162344 applied upstream. - Update...
Bootstrap - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-058
The Bootstrap theme enables you to integrate the Bootstrap framework with Drupal. The theme does not sufficiently filter potential user-supplied data when it's passed to certain templates, which can lead to a Persistent Cross Site Scripting (XSS) vulnerability. CVE identifiers issued: A CVE identifier...
Multiple Cross-Site Scripting Vulnerabilities in WordPress Plugin tiny-bootstrap-elements-light
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the WordPress plugin tiny-bootstrap-elements-light. The program fails to filter user-supplied input, allowing...
XSS vulnerability via data-target in bootstrap-sass
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...
XSS vulnerability via data-target in bootstrap
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...
TYPO3 Bootstrap Package Extension Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. Bootstrap Package is one of the plugins that configures the front-end theme extension. A cross-site scripting vulnerability exists in versions of TYPO3 Bootstrap Package...
Cross-Site Scripting
Overview: All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation: This package is not actively maintained, and has...
openSUSE Security Update : xen (openSUSE-2016-34)
This update for xen fixes the following security issues: - CVE-2015-8550: paravirtualized drivers incautious about shared memory contents (XSA-155, boo957988) - CVE-2015-8558: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo959006) - CVE-2015-7549: qemu pci: NULL pointer dereference...