Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Cross site request forgery (csrf)
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...
Cross-site Scripting (XSS)
lightning-server is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script in a user's browser via an error message in the session controller's addData function...
CVE-2020-16270
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. A remote attacker can use the discovered vulnerability to inject a malicious JavaScript payload into victims' browsers in the context of the vulnerable application. Executed code can be used to steal administrator’s cookies, influence HTML content of...
CVE-2020-15666
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...
Information disclosure
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370...
CVE-2020-4531
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...
Information disclosure
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...
Code injection
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
CVE-2020-25788
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
CVE-2020-25788
Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...
PT-2020-16208
Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS versions prior to 2020-09-16. Description: A problem was discovered in Tiny Tiny RSS where the imgproxy function in the plugins/af_proxy_http/init.php file mishandles the url variable in an error message. Recommendations: For versio...
Storefront: Error adding user account in the administrative local group
An error displays during Storefront installation "There was an error adding user account in the administrative local group to the citrixstorefrontadministrator local group."...
SUSE-SU-2020:2607-1 Security update for pdsh, slurm_20_02
This update for pdsh, slurm_20_02 fixes the following issues: Changes in slurm_20_02: - Add support for openPMIx also for Leap/SLE 15.0/1 bsc1173805. - Do not run %check on SLE-12-SP2: Some incompatibility in tcl makes this fail. - Remove unneeded build dependency to postgresql-devel. - Disable build...
Citrix Gateway SSO Authentication Breaks or "Cannot Complete Your Request" Error After Upgrading to 13.0 64.35
After upgrading to 13.0-64.35 Gateway SSO authentication breaks or you encounter “Cannot Complete Your Request” error...
Improper access control
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS...
CVE-2020-24981
An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS...
Published apps not launching for some users when connecting through VPN, no errors
• Users connect to the company’s network using Citrix Gateway VPN
• When launching a published app, the progress popup shows up and disappears seconds later, nothing else shows app, no errors
• Receiver Connection center shows a connection with the VDA but no app launched
• VDA shows the user...
CVE-2020-4166
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402...