Lucene search

212 matches found

Prion
added 2021/07/22 7:15 p.m. | 12 views

Cross site scripting

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to...

CVSS 3.5 | AI score 4.9 | EPSS 0.00456
Exploits: 0 | References: 2 | Affected Software: 1
IBM Security Bulletins
added 2021/06/29 3:32 p.m. | 55 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in January 2021. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

CVSS 9.8 | AI score 2 | EPSS 0.00727
Exploits: 0 | Affected Software: 1
OpenVAS
added 2021/04/19 12:0 a.m. | 21 views

SUSE: Security Advisory (SUSE-SU-2018:0861-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.7 | EPSS 0.88597
Exploits: 8 | References: 8
ArchLinux
added 2021/03/25 12:0 a.m. | 206 views

[ASA-202103-14] groovy: privilege escalation

Arch Linux Security Advisory ASA-202103-14. Severity: High; Date: 2021-03-25; CVE-ID: CVE-2020-17521; Package: groovy; Type: privilege escalation; Remote: No; Link: https://security.archlinux.org/AVG-1325. Summary: The package groovy before version...

CVSS 5.5 | AI score 1.7 | EPSS 0.02361
Exploits: 0 | References: 5
CNNVD
added 2021/03/04 12:0 a.m. | 1 view

Xerox AltaLink encryption issue vulnerability

Xerox AltaLink is a hardware device from the American company Xerox that provides print and copy functions. A security vulnerability exists in Xerox AltaLink, which arises from unencrypted portions of the drive that contain executable code. The following products and versions are affected: O...

CVSS 7.5 | AI score 8.1 | EPSS 0.00254
Exploits: 0 | References: 2
NVD
added 2020/12/16 5:15 p.m. | 8 views

CVE-2019-14478

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...

CVSS 5.4 | AI score 5.2 | EPSS 0.00343
Exploits: 1 | References: 2
Prion
added 2020/12/16 5:15 p.m. | 10 views

Cross site scripting

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...

CVSS 3.5 | AI score 5.2 | EPSS 0.00343
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/12/16 5:1 p.m. | 13 views

CVE-2019-14478

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...

AI score 5.2 | EPSS 0.00343
Exploits: 1 | References: 2
OpenVAS
added 2020/09/29 12:0 a.m. | 9 views

Huawei EulerOS: Security Advisory for perl-Module-Load-Conditional (EulerOS-SA-2020-2013)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.9 | EPSS 0.00317
Exploits: 0 | References: 2
NVD
added 2020/09/16 4:15 p.m. | 10 views

CVE-2020-7530

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...

CVSS 8.8 | EPSS 0.00345
Exploits: 0 | References: 1
Cvelist
added 2020/09/16 3:40 p.m. | 11 views

CVE-2020-7530

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...

AI score 8.8 | EPSS 0.00345
Exploits: 0 | References: 1
Hacker One
added 2020/08/22 6:12 a.m. | 40 views

Internet Bug Bounty: CVE-2017-13041 The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().

Description: Versions of tcpdump before 4.9.2 are vulnerable to a buffer over-read in print-icmp6.c. This vulnerability was disclosed to the tcpdump maintainers and was recently patched in version 4.9.2 and disclosed as CVE-2017-13041. Patch:...

CVSS 7.5 | AI score 9.3 | EPSS 0.01843
Exploits: 0
Hacker One
added 2020/08/22 6:9 a.m. | 29 views

Internet Bug Bounty: CVE-2017-13040 The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.

Description: Versions of tcpdump before 4.9.2 are vulnerable to a buffer over-read in print-mptcp.c. This vulnerability was disclosed to the tcpdump maintainers and was recently patched in version 4.9.2 and disclosed as CVE-2017-13040. Patch:...

CVSS 7.5 | AI score 9.3 | EPSS 0.01843
Exploits: 0
IBM Security Bulletins
added 2020/05/10 5:14 p.m. | 36 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by IBM Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in January 2020. IBM Cast Iron has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2593 DESCRIPTION: An unspecified...

CVSS 7.2 | AI score 0.8 | EPSS 0.00752
Exploits: 0 | Affected Software: 3
IBM Security Bulletins
added 2020/04/17 6:5 p.m. | 30 views

Security Bulletin: Windows DLL injection vulnerability with IBM Java Affects SPSS Modeler

Summary IBM® Runtime Environment Java™ Version JRE7, JRE8SR4FP10 and JRE8SR5FP25 used by IBM SPSS Modeler on the Windows platform has a Windows DLL injection vulnerability. The issue is addressed. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version 7.0.0....

CVSS 7.2 | AI score 1.7 | EPSS 0.00164
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2020/04/14 5:56 p.m. | 53 views

Low: Red Hat Security Advisory: elfutils security update

An update for elfutils is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 | AI score 6.5 | EPSS 0.01961
Exploits: 1 | References: 2
Prion
added 2020/03/20 7:15 p.m. | 13 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 4.3 | AI score 3.9 | EPSS 0.04415
Exploits: 0 | References: 2 | Affected Software: 1
Zero Day Initiative
added 2020/03/16 12:0 a.m. | 29 views

Foxit Studio Photo EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 1.1 | EPSS 0.04415
Exploits: 0 | References: 1
CVE
added 2020/02/24 5:40 p.m. | 47 views

CVE-2019-10796

CVE-2019-10796 affects the Node.js Raspberry Pi GPIO library (rpi) up to version 0.0.3. The GPIO() function uses the pinNumbver argument as part of the command executed via exec without sanitization, enabling command injection/remote code execution. A PoC exists showing injection through the exec...

CVSS 9.8 | AI score 9.5 | EPSS 0.00578
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/02/06 1:55 p.m. | 19 views

CVE-2015-6000

Unrestricted file upload vulnerability in the SettingsVtigerCompanyDetailsSaveAction class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then...

AI score 8 | EPSS 0.76812
Exploits: 12 | References: 3