
91 matches found

CNVD
added 2019/01/09 12:0 a.m. · 1 view

SAP CRM WebClient UI Cross-Site Scripting Vulnerability

SAP CRM (Customer Relationship Management) is a customer relationship management solution from the German company SAP. The program includes sales management, marketing management, customer service system and other modules. SAP CRM WebClient UI is one of its web client interfaces. A cross-site scripting...

CVSS 5.4 · AI score 6.7 · EPSS 0.00758
Exploits 0 · References 1
OSV
added 2019/01/08 8:29 p.m. · 3 views

CVE-2019-0244

SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability...

CVSS 5.4 · AI score 5.8 · EPSS 0.00758
Exploits 0 · References 3
CNVD
added 2018/08/07 12:0 a.m. · 2 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2018-16515)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git version control project repository. It has functionality similar to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...

CVSS 5.4 · AI score 5.4 · EPSS 0.00718
Exploits 1 · References 1
Positive Technologies
added 2018/08/03 12:0 a.m. · 3 views

PT-2018-16195 · Salesforce · Restforce

Name of the Vulnerable Software and Affected Versions: restforce versions prior to 3.0.0

Description: The issue is related to insufficient URI encoding, allowing an attacker to inject arbitrary parameters into Salesforce API requests. This flaw is only exploitable in applications that pass user...

CVSS 9.8 · AI score 9.2 · EPSS 0.01506
Exploits 0 · References 7
CNVD
added 2018/07/03 12:0 a.m. · 2 views

oauth2orize-fprm cross-site scripting vulnerability

oauth2orize-fprm is a Post Response mode support component for OAuth2orize. A cross-site scripting vulnerability exists in the index.js file in versions of oauth2orize-fprm prior to 0.2.1, which stems from the program failing to properly encode input values. A remote attacker can exploit this...

CVSS 6.1 · AI score 5.9 · EPSS 0.00905
Exploits 0 · References 1
OSV
added 2018/04/10 3:29 p.m. · 3 views

CVE-2018-2410

SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user-controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 3
Talos
added 2017/02/27 12:0 a.m. · 39 views

Iceni Argus PDF Font-Encoding GlyphMap Adjustment Code Execution Vulnerability

Summary: An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects. Due to ...

CVSS 9.3 · AI score 8 · EPSS 0.01867
Exploits 2
BDU FSTEC
added 2015/05/07 12:0 a.m. · 1 view

The vulnerability of the Oracle Fusion Middleware software allows a remote attacker to replace the RSA signature.

The vulnerability of the Oracle Fusion Middleware software exists in the Mozilla NSS (Network Security Services) library, which is used by the Oracle iPlanet Web Server. This vulnerability stems from incorrect processing of ASN.1 values in X.509 certificates. Exploiting this vulnerability could...

CVSS 7.5 · AI score 6.6 · EPSS 0.17004
Exploits 0 · References 3 · Affected Software 1
OSV
added 2014/07/17 5:10 a.m. · 0 views

UBUNTU-CVE-2013-5855

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) tag or (2) EL expression is used after a script or style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors...

CVSS 4.3 · AI score 7 · EPSS 0.04694
Exploits 0 · References 4
OSV
added 2004/09/28 4:0 a.m. · 1 view

DEBIAN-CVE-2004-0644

The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding...

CVSS 5 · AI score 8.6 · EPSS 0.05585
Exploits 0 · References 1
Exploit DB
added 2002/06/17 12:0 a.m. · 122 views

Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption (2)

// source: https://www.securityfocus.com/bid/5033/info

When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper signed interpretation of an unsigned integer value. Consequently, several...

AI score 7.4
Exploits 0