451 matches found
OverIT Geocall Cross-Site Scripting Vulnerability
OverIT Geocall is a field service management solution from OverIT (Italy). A cross-site scripting vulnerability exists in version 6.3 prior to OverIT Geocall build 2:346977, which stems from the web application's lack of proper validation of client-side data. An attacker can exploit the...
Palo Alto Networks Expedition Migration Tool Cross-Site Scripting Vulnerability (CNVD-2019-14250)
Palo Alto Networks Expedition Migration Tool is a security policy configuration migration tool from Palo Alto Networks (USA). A cross-site scripting vulnerability exists in Palo Alto Networks Expedition Migration Tool version 1.1.8 and prior versions, which stems from a lack of proper validation o...
WIKINDX Cross-Site Scripting Vulnerability
WIKINDX is a Virtual Research Environment: an online bibliography, quote/note management and article-writing system. A cross-site scripting vulnerability exists in WIKINDX versions prior to 5.7.0, which stems from the web application's lack of proper validation of client-side data. ...
SQL injection
In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors...
CVE-2018-19513
In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors...
M-Server Cross-Site Scripting Vulnerability
M-Server is a small static HTTP server. M-Server suffers from a cross-site scripting vulnerability that stems from the web application's lack of proper validation of client-side data. An attacker can exploit this vulnerability to execute client-side code...
Webgalamb Information Disclosure / XSS / CSRF / SQL Injection
Summary ------- Vendor: E.N.S. Zrt www.ens.hu Product: Webgalamb www.webgalamb.hu, www.facebook.com/webgalamb Webgalamb is a commercial email marketing software for managing subscription lists and sending out bulk emails. It is not SaaS but a PHP based web application that is typically hosted nex...
IBM Campaign Information Disclosure Vulnerability
IBM Campaign, formerly known as Unica Campaign, is a marketing management solution from IBM (United States) used to help marketers design, execute, measure and optimize marketing campaigns. A security vulnerability exists in IBM Campaign that stems from the client containing too much detailed...
5 cybersecurity questions retailers must ask to protect their businesses
The Target breach in 2013 may not be the biggest retail breach in history, but for many retailers it was their watershed moment. Point-of-sale (PoS) terminals were compromised for more than two weeks. 40 million card details and 70 million records of personal information were swiped, part of which was...
Source: Deloitte Breach Affected All Company Email, Admin Accounts
Deloitte, one of the world's "big four" accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted "very few" clients. But according to a source close to the...
Unspecified Vulnerability in Multiple Mimosa Products
Mimosa Client Radios, Mimosa Backhaul Radios and Mimosa Access Points are all products of Mimosa Networks, Inc. Mimosa Client Radios are the client devices of the Mimosa Multi-Point solution. Mimosa Backhaul Radios are broadband backhaul devices. Mimosa Access Point...
Ansible: Compromised remote hosts can lead to running commands on the Ansible controller
An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server...
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...
CVE-2016-5388
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...
CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
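The four entries above are the same bug class ("httpoxy"): RFC 3875 maps every request header to a CGI meta-variable named HTTP_<HEADER>, so a client-supplied "Proxy" header becomes HTTP_PROXY, which many HTTP client libraries read as their outbound proxy setting. The following Python is an added illustration written for this page, not code from Apache, Tomcat, PHP or any of the advisories; the function names, the sample headers and the attacker host are constructed. It shows the header-to-environment mapping, a naive client that trusts HTTP_PROXY, and the two mitigations that were actually deployed: the gateway dropping the Proxy header (Apache's "RequestHeader unset Proxy early"), and the client library ignoring uppercase HTTP_PROXY whenever REQUEST_METHOD is set, which is the approach Python's own urllib.request.getproxies_environment took.

```python
"""
Added example for the httpoxy class (CVE-2016-5385/5387/5388/4694).
Not vendor code: names, sample headers and hosts below are constructed.
"""
from typing import Dict, Optional


def cgi_env_from_headers(headers: Dict[str, str], method: str = "GET") -> Dict[str, str]:
    """Build the meta-variables a CGI gateway hands to a script (RFC 3875 4.1.18):
    each request header becomes HTTP_<NAME>, upper-cased, hyphens to underscores.
    The gateway reserves no names, so a client 'Proxy' header lands in HTTP_PROXY."""
    env = {"REQUEST_METHOD": method}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def proxy_from_env_naive(env: Dict[str, str]) -> Optional[str]:
    """Pre-fix client-library behaviour: trust HTTP_PROXY / http_proxy unconditionally."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def proxy_from_env_hardened(env: Dict[str, str]) -> Optional[str]:
    """Client-side mitigation (mirrors Python's urllib fix for CVE-2016-1000110):
    if REQUEST_METHOD is present we are running under CGI, so the uppercase
    HTTP_PROXY is attacker-controlled and is ignored. The lowercase http_proxy
    cannot be produced from a request header and is still honoured."""
    if "REQUEST_METHOD" in env:
        return env.get("http_proxy")
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def strip_proxy_header(headers: Dict[str, str]) -> Dict[str, str]:
    """Gateway-side mitigation, equivalent to Apache's 'RequestHeader unset Proxy early':
    drop the header before the CGI environment is built. Header names are
    case-insensitive, so compare lower-cased."""
    return {k: v for k, v in headers.items() if k.lower() != "proxy"}


# Constructed sample request: an attacker adds a Proxy header.
ATTACKER_HEADERS = {
    "Host": "app.example.test",
    "User-Agent": "curl/7.0",
    "Proxy": "http://attacker.example.test:8080",
}


def demo() -> Dict[str, Optional[str]]:
    """Run the mapping once and report what each client variant would use."""
    env = cgi_env_from_headers(ATTACKER_HEADERS)
    stripped_env = cgi_env_from_headers(strip_proxy_header(ATTACKER_HEADERS))
    return {
        "header_became_env_var": env.get("HTTP_PROXY"),
        "naive_client_proxy": proxy_from_env_naive(env),
        "hardened_client_proxy": proxy_from_env_hardened(env),
        "gateway_stripped_proxy": proxy_from_env_naive(stripped_env),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When checking a deployment, send a request carrying a Proxy header to a CGI or FastCGI-backed endpoint that makes an outbound HTTP call and watch whether that call arrives at the address you supplied; both mitigations above should be in place, since a stripped header protects only requests that pass through that particular gateway, and a fixed library protects only applications that use it.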
Apache Tapestry Denial of Service Vulnerability
Apache Tapestry is a framework from the Apache Software Foundation (United States) for building Java-based web applications. A security vulnerability exists in Apache Tapestry versions prior to 5.3.6, which arises from the program's failure to check for tampering when storing...
Morgan Stanley Insider Theft Wealth Management Client Data
The financial services giant Morgan Stanley announced yesterday that an employee had stolen sensitive information pertaining to more than 900 of the firm's wealth-management clients. According to a company press release, the wealth management employee in question "has been terminated."...
haproxy: remote client denial of service vulnerability
A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy...