1116 matches found
KYOCERA Multi-Set Template Editor 3.4 Out-Of-Band XML External Entity Injection
KYOCERA Multi-Set Template Editor 3.4 Out-Of-Band XML External Entity Injection Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network...
CVE-2018-7661
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257...
NASA RtRetrievalFramework Code Execution Vulnerability
The NASA RtRetrievalFramework is a framework for retrieving a set of atmospheric parameters from spectrograms with multiple absorption bands. A security vulnerability exists in the Data retrieval function of the RtRetrieval Framework in NASA RtRetrievalFramework version 1.0. A remote attacker cou...
CVE-2018-1000048
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file...
Design/Logic Flaw
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file...
CVE-2018-1000048
NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. This attack appear to be exploitable via Victim tries to retrieve and process a weather data file...
Design/Logic Flaw
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fmIDL.xml...
Gespage 7.4.8 SQL Injection
CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection Stacked Queries -...
Gespage 7.4.8 - SQL Injection
Gespage 7.4.8 - SQL Injection CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL cod...
OpenText Document Sciences xPression xDashboard SQL Injection Vulnerability
OpenText Document Sciences xPression formerly EMC Document Sciences xPression is a suite of document output management and customer communication solutions from OpenText Canada, Inc. The solution integrates an organization's Customer Relationship Management CRM, Enterprise Content Management ECM,...
CVE-2017-17844
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block that the attacker cannot directly decrypt to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted...
Fiyo CMS SQL Injection Vulnerability (CNVD-2018-00247)
Fiyo CMS is a content management system CMS for creating CMS templates. A SQL injection vulnerability exists in the /system/site.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit the vulnerability to retrieve data from the database...
Ulterius Server < 1.9.5.0 - Directory Traversal
Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link: https://github.com/Ulterius/server/tree/0e4f2113da287aac88a8b4c5f8364a03685d393d Version: 1.9.5.0 Tested on: Windows...
CVE-2017-1000382
It was found that vim applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files that were not deleted properly, in order to retrieve sensitive data...
Management Console Cross-Site Scripting Vulnerability in Multiple WSO2 Products
WSO2 Application Server is a set of cloud-based application server software.WSO2 Business Process Server is a set of business process server software.Management Console is one of the management console programs. Management Console is one of the management console programs. A cross-site scripting...
[SECURITY] Fedora 27 Update: check-mk-1.2.8p26-1.fc27
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network compone nts. It obsoletes NRPE, checkbyssh, NSClient, and checksnmp and it has many benefits, the most important are a significant reduction of CPU usag...
HP ArcSight Enterprise Security Manager and Enterprise Security Manager Express Access Control Error Vulnerability
HP ArcSight ESM Enterprise Security Manager and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise HPE. The software collects, correlates and reports on enterprise-wide security events in real time...
OpenText Document Sciences xPression SQL Injection Vulnerability
OpenText Document Sciences xPression formerly known as EMC Document Sciences xPression is a suite of document output management and customer communication solutions from OpenText Canada. A SQL injection vulnerability exists in OpenText Document Sciences xPression version 4.5SP1 Patch 13. A remote...
Grab: www.drivegrab.com SQL injection
Summary: The website uses a WordPress plugin called Formidable Pro. I found an SQL injection in the plugin code. Description: The plugin allows the site admin to create forms to be filled by users. For this end it implements some AJAX functions, including one to preview or actually just view a...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression Exploit was...