6680 matches found

Openbugbounty
added 2018/08/20 9:10 a.m. | 11 views

allstareventtickets.com XSS vulnerability

Open Bug Bounty ID: OBB-666781

Description | Value
---|---
Affected Website: | allstareventtickets.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Fedora
added 2018/08/16 8:8 a.m. | 20 views

[SECURITY] Fedora 28 Update: gdm-3.28.3-1.fc28

GDM, the GNOME Display Manager, handles authentication-related backend functionality for logging in a user and unlocking the user's session after it's been locked. GDM also provides functionality for initiating user-switching, so more than one user can be logged in at the same time. It handles...

CVSS 7.8 | AI score 1.7 | EPSS 0.00532
Exploits: 0

ATTACKERKB
added 2018/08/16 12:0 a.m. | 296 views

CVE-2018-11511

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the ‘albumid’ or ‘scope’ parameter via a photo-gallery/api/album/treelists/ URI. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed...

CVSS 9.8 | AI score 9.7 | EPSS 0.11176
In wild | Exploits: 7 | References: 3

Prion
added 2018/08/15 8:29 p.m. | 18 views

Design/Logic Flaw

A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable EXE files...

CVSS 4.3 | AI score 7.5 | EPSS 0.02818
Exploits: 0 | References: 3

Vulnrichment
added 2018/08/15 8:0 p.m. | 7 views

CVE-2018-0419

A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable EXE files...

AI score 7 | EPSS 0.02818
Exploits: 0 | References: 3

Prion
added 2018/08/14 4:29 p.m. | 11 views

Authentication flaw

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in SAP NetWeaver 7.3 - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying...

CVSS 7.5 | AI score 8.7 | EPSS 0.0162
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/08/06 2:0 p.m. | 19 views

CVE-2018-1422

IBM Jazz Foundation products IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVSS 5.4 | AI score 5.2 | EPSS 0.00968
Exploits: 0 | References: 3

Exploit DB
added 2018/08/02 12:0 a.m. | 40 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing
Reserved CVE: CVE-2018-13416
Vulnerability Overview
The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...

CVSS 9.8 | AI score 9.6 | EPSS 0.20185
Exploits: 5

exploitpack
added 2018/08/02 12:0 a.m. | 109 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing
Reserved CVE: CVE-2018-13416
Vulnerability Overview
The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML...

CVSS 7.5 | AI score 0.2 | EPSS 0.20185
Exploits: 5

Prion
added 2018/08/01 3:29 p.m. | 10 views

Memory corruption

A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and...

CVSS 6.8 | AI score 8 | EPSS 0.01469
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/07/31 2:0 p.m. | 12 views

CVE-2018-12941

This vulnerability allows remote attackers to execute arbitrary code in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to th...

AI score 8.9 | EPSS 0.03584
Exploits: 0 | References: 2

Openbugbounty
added 2018/07/28 8:19 a.m. | 10 views

studylib.es XSS vulnerability

Open Bug Bounty ID: OBB-654857

Description | Value
---|---
Affected Website: | studylib.es
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

NVD
added 2018/07/26 5:29 p.m. | 19 views

CVE-2017-12175

Red Hat Satellite before 6.5 is vulnerable to an XSS in discovery rule when you are entering filter and you use autocomplete functionality...

CVSS 5.4 | AI score 4.4 | EPSS 0.01099
Exploits: 1 | References: 4

CNVD
added 2018/07/25 12:0 a.m. | 1 views

Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2019-28268)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more. PeopleSoft Enterprise PeopleTools is one of the tools and technology platform components that...

CVSS 4.3 | AI score 5.3 | EPSS 0.01085
Exploits: 0 | References: 1

OSV
added 2018/07/23 3:29 p.m. | 22 views

CVE-2018-1999008

October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appears to be exploitable...

CVSS 5.4 | AI score 5.4
Exploits: 0 | References: 1

OSV
added 2018/07/18 1:29 p.m. | 1 views

CVE-2018-2970

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: PIA Search Functionality. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 4.3 | AI score 7.3 | EPSS 0.01085
Exploits: 0 | References: 2

CVE
added 2018/07/18 1:0 p.m. | 60 views

CVE-2018-2970

CVE-2018-2970 affects Oracle PeopleSoft: PeopleSoft Enterprise PeopleTools, subcomponent PIA Search Functionality, with affected versions 8.55 and 8.56. Connected CNVD-2019-28268 documents a vulnerability in this subcomponent that could let an attacker gain unauthorized access to data, aligning w...

CVSS 4.3 | AI score 3.4 | EPSS 0.01085
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2018/07/17 1:29 p.m. | 19 views

Design/Logic Flaw

Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management NSM 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface...

CVSS 3.5 | AI score 5.6 | EPSS 0.00498
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2018/07/17 1:0 p.m. | 61 views

CVE-2018-6681

CVE-2018-6681 is an Abuse of Functionality vulnerability in McAfee Network Security Management (NSM) 9.1.7.11 and earlier. The issue occurs in the web interface where authenticated users can cause arbitrary HTML to be reflected in the response page, via the appliance’s web interface. Affected sof...

CVSS 5.5 | AI score 5.5 | EPSS 0.00498
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/07/17 1:0 p.m. | 26 views

CVE-2018-6681 SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability

Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management NSM 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface...

CVSS 5.5 | AI score 5.6 | EPSS 0.00498
Exploits: 0 | References: 1