123 matches found
CVE-2019-18923
Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin...
CVE-2019-1882 Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...
Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...
Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to improper content validation (CVE-2016-3020)
Summary IBM Security Access Manager appliances could allow a remote attacker to bypass security restrictions, caused by improper content validation. Vulnerability Details CVEID: CVE-2016-3020 DESCRIPTION: IBM Security Access Manager for Web could allow a remote attacker to bypass security...
CVE-2018-8176
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office...
The vulnerability of the tickets.php script in the osTicket customer support system, which allows a perpetrator to upload malicious files.
The vulnerability of the tickets.php script in the osTicket customer support system is related to an incorrect mechanism for checking file content during loading. Exploiting this vulnerability allows a malicious actor to upload malicious files remotely...
Docker-CE Denial of Service Vulnerability
Docker-CE aka Moby is a set of frameworks for installing systems in containers. A security vulnerability exists in Docker-CE that stems from the program failing to perform content validation. A remote attacker could exploit the vulnerability to cause a denial of service...
CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. A...
IBM Security Access Manager Security Bypass Vulnerability (CNVD-2017-01409)
IBM Security Access Manager is a security access manager from IBM USA. A security vulnerability exists in IBM Security Access Manager that stems from the program failing to properly validate content. An attacker could exploit the vulnerability by tricking a user into opening specially crafted...
CVE-2016-3020
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a...
Input validation
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a...
CVE-2016-3020
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a...
CVE-2016-3020
Summary of CVE-2016-3020 (IBM Security Access Manager) : IBM Security Access Manager for Web versions 7.0, 8.0, and 9.0 appliances could allow a remote attacker to bypass security restrictions due to improper content validation. By persuading a user to open specially crafted content, an attacker ...
Microsft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft browsers do not properly validate content under specific conditions. An attacker who exploited the vulnerability could run arbitrary code that could lead to an information disclosure. In a web-based attack scenario, an attacker could...
rtalabel.org XSS vulnerability
Vulnerable URL: http://www.rtalabel.org/?content=validate=17632092058dcb95f745944553483c47=RTA-5042-1996-1400-1577-RTA'%22%26%25prompt/XSSPOSED/...
KLA10670 Multiple vulnerabilities in Adobe products
Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Type confusion,...
Untangle Cross Site Scripting / Information Disclosure
This is a follow up to an earlier post, highlighting an XSS and information disclosure vulnerability in versions of Untangle 9-11 The previous post is shown in full below this post. Additional un-patched vectors have been discovered that allow for these issues to be exploited with increased...
Drupal 7. x SQL Injection exp (CVE-2 0 1 4-3 7 0 4)-vulnerability warning-the black bar safety net
| 1 | import urllib2,sys ---|--- 2 | from drupalpass import DrupalHash https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py ---|--- 3 | if lensys. argv != 4: ---|--- 4 | print "" ---|--- 5 | print "python 7.xSQL.py admin 1 2 3 4 5 6" ---|--- 6 | print "" ---|--- 7 |...
phpcms front Desk avatar upload vulnerability to cause the webshell detailed and case-vulnerability warning-the black bar safety net
What is upload vulnerability A lot of cms in order to enrich their functions are to provide the upload an avatar, upload pictures and other functions. But if the uploaded content does not do better than the filter, it is equal to say to the attacker to an arbitrary code execution. For example, an...
CVE-2008-4792
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values...