Mail.ru: XSS in touch.mail.ru

Browser specific user assisted DOM based XSS in message editor undo functionality via quoted content. Vulnerability did not affected mobile browsers used by majority of touch.mail.ru web interface users...

bankdirector.com XSS vulnerability

Open Bug Bounty ID: OBB-674548 Description| Value ---|--- Affected Website:| bankdirector.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2018-4010

An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges...

[SECURITY] Fedora 27 Update: glibc-2.26-30.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

Cisco Enterprise NFV Infrastructure Software Input Validation Vulnerability

Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform can be achieved through the central coordinator and controller of the virtualization services of the full lifecycle management. An input validation vulnerability exists ...

awww.fanpop.com XSS vulnerability

Open Bug Bounty ID: OBB-673682 Description| Value ---|--- Affected Website:| awww.fanpop.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

schmid-bus.de XSS vulnerability

Open Bug Bounty ID: OBB-673479 Description| Value ---|--- Affected Website:| schmid-bus.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

filmundo.de XSS vulnerability

Open Bug Bounty ID: OBB-673246 Description| Value ---|--- Affected Website:| filmundo.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2018-13826

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks...

CVE-2018-13823

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information...

CVE-2018-13826

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks...

CVE-2018-13826

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks...

CVE-2018-13826

CA PPM XOG module suffers an XML External Entity (XXE) vulnerability that enables server-side request forgery. Affected are CA PPM versions 14.3 and below; 14.4; 15.1; 15.2 CP5 and below; 15.3 CP2 and below. The issue arises in the XOG functionality and is documented across CVE-2018-13826 entries...

Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability

Cross-site request forgery CSRF vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating...

GHSA-2HXV-MX8X-MCJ9 Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability

Cross-site request forgery CSRF vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine which includes administrative functionality such as creating...

vzr.nl XSS vulnerability

Open Bug Bounty ID: OBB-669565 Description| Value ---|--- Affected Website:| vzr.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Design/Logic Flaw

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference IDOR via the Poll ID, leading to the ability of a single user to select multiple Poll Options e.g., vote for multiple items...

PT-2018-6277 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: A denial of service issue exists due to leftover demo functionality, allowing an attacker to reboot the device without authentication by sending a UDP packet. Recommendations: For version 1012, consider...

montecarmoshopping.com.br XSS vulnerability

Open Bug Bounty ID: OBB-667929 Description| Value ---|--- Affected Website:| montecarmoshopping.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

alzforum.org XSS vulnerability

Open Bug Bounty ID: OBB-667546 Description| Value ---|--- Affected Website:| alzforum.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...