3641 matches found
CVE-2017-8892
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image...
Cross site scripting
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image...
CVE-2017-8892
CVE-2017-8892 describes a cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 where an attacker can persistently inject arbitrary web script or HTML via the name of an uploaded image. The issue is documented across multiple feeds (NVD/Red Hat/CNVD/CVE listing) with both CVSS2 (4...
Telaxus EPESI Cross-Site Scripting Vulnerability
Telaxus EPESI is an open source customer relationship management (CRM) system based on a PHP/Ajax framework, from the Polish company Telaxus. The system provides schedule management, multi-user address book, proxy matters and other functions. Telaxus EPESI 1.8.2 and earlier versions of the module...
Custom 32-Bit Cursors appear with a black box around them using HDX 3D Pro VDA 7.15
When connecting to an HDX3D Pro Desktop VDA from a client running Receiver for Linux, a black box will surround some custom cursors in applications such as Adobe Photoshop...
WPSeku - Simple Wordpress Security Scanner
WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Usage -- WPSeku - Wordpress Security Scanner -- WPSeku - v0.1.0 -- Momo Outaadi...
CVE-2016-6333
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css...
Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)
In the last few months, I have been testing several Trend Micro products with Steven Seeley @steventseeley. Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities and for the first time we presented the outcome of our research at Hack In The Box 2017 Amsterdam in April...
Multiple AVM FRITZ!Box VoIP Remote Code Execution
Several models of the AVM FRITZ!Box are vulnerable to a heap-based buffer overflow, which allows attackers to execute arbitrary code on the device.
CVE-2017-3045
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box...
Memory corruption
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box...
Converged Smart Set-Top Box z84 Vulnerability in Overstepping Rights of Any User to Modify Administrator Configuration
The Converged Smart Set-Top Box z84 is a set-top box product of Shenzhen Zhaoneng Xuntong Technology Co., Ltd. It combines wireless Wi-Fi and smart TV connectivity in one device and is widely used in hotels and homes as a smart TV set-top box for telecommunication. Converged Smart STB z84 is vulnerable to a...
Stored Cross-Site Scripting Vulnerability in Converged Smart STB z84
The Converged Smart Set-Top Box z84 is a set-top box product of Shenzhen Zhaoneng Xuntong Technology Co., Ltd. It combines wireless Wi-Fi and smart TV connectivity in one device and is widely used in hotels and homes as a smart TV set-top box for telecommunication. Converged Smart STB z84 has a stored...
Radio Hack Box - Tool to Demonstrate Vulnerabilities in Wireless Input Devices
The SySS Radio Hack Box is a proof-of-concept software tool to demonstrate the replay and keystroke injection vulnerabilities of the wireless keyboard Cherry B.Unlimited AES. Requirements: Raspberry Pi; Raspberry Pi Radio Hack Box shield (an LCD, some LEDs, and some buttons); nRF24LU1+ USB radio dongle...
Description of Microsoft Office Web Apps Server Service Pack 1 (SP1)
Introduction: Microsoft Office Web Apps Server Service Pack 1 (SP1) provides the latest updates for Office Web Apps Server. This service pack includes two kinds of fixes: previously unreleased fixes that are included in this service...