Lucene search

6680 matches found

NVD
added 2017/10/26 9:29 p.m. | 18 views

CVE-2017-1222

IBM Tivoli Endpoint Manager IBM BigFix Platform 9.2 and 9.5 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862...

6.5 CVSS | 6.5 AI score | 0.01149 EPSS
Exploits 0 | References 3
Openbugbounty
added 2017/10/26 5:27 a.m. | 16 views

chefsculinar.de XSS vulnerability

Vulnerable URL: https://www.chefsculinar.de//suche.htm?searchedOn=index.htm=""...

6.9 AI score
Exploits 0
Prion
added 2017/10/18 6:29 p.m. | 26 views

Cross-site request forgery (CSRF)

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...

3.5 CVSS | 5.3 AI score | 0.0186 EPSS
Exploits 6 | References 6 | Affected Software 1
Openbugbounty
added 2017/10/17 9:44 p.m. | 11 views

biblioteca.ucsp.edu.pe XSS vulnerability

Vulnerable URL: https://biblioteca.ucsp.edu.pe/biblioteca/catalogo/buscar.php?conector1=AND=Alexander,+Charles+K.=&campos1;=&search2;=Teorema+de+circuitos&campos2;=temas&search3;="'--!...

6.9 AI score
Exploits 0
Openbugbounty
added 2017/10/17 8:42 p.m. | 13 views

gacetanautica.es XSS vulnerability

Vulnerable URL: http://gacetanautica.es/buscar.php?ln=01&pagipg=4"'--!...

6.9 AI score
Exploits 0
Openbugbounty
added 2017/10/17 4:35 a.m. | 9 views

adespresso.com XSS vulnerability

Vulnerable URL: https://adespresso.com///?s=...

6.9 AI score
Exploits 0
NVD
added 2017/10/16 6:29 p.m. | 17 views

CVE-2014-0208

Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name...

5.4 CVSS | 5.1 AI score | 0.00823 EPSS
Exploits 1 | References 3
Openbugbounty
added 2017/10/16 8:46 a.m. | 9 views

peachstore.fr XSS vulnerability

Vulnerable URL: https://www.peachstore.fr/fr/search?query=w'"

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No

Coordinated Disclosure Timeline:

Description | Value...

6.3 AI score
Exploits 0
Prion
added 2017/10/13 5:29 p.m. | 14 views

Command injection

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating...

9.3 CVSS | 8.9 AI score | 0.0172 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2017/10/13 5:0 p.m. | 20 views

CVE-2017-6223

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating...

9 AI score | 0.0172 EPSS
Exploits 0 | References 1
seebug.org
added 2017/10/13 12:0 a.m. | 51 views

Kaspersky Internet Security KLIF Driver NtAdjustTokenPrivileges_HANDLER Denial of Service (CVE-2016-4305)

Summary: A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user mo...

2.1 CVSS | 5.6 AI score | 0.00486 EPSS
Exploits 2
Cvelist
added 2017/10/12 4:0 p.m. | 19 views

CVE-2017-15290

Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality...

7.5 AI score | 0.00749 EPSS
Exploits 0 | References 2
OSV
added 2017/10/10 1:29 p.m. | 2 views

CVE-2017-13706

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port...

9.9 CVSS | 5.9 AI score | 0.01987 EPSS
Exploits 2 | References 3
Openbugbounty
added 2017/10/09 7:2 p.m. | 12 views

tsn.ca XSS vulnerability

Vulnerable URL: http://www.tsn.ca/search/search-7.427283?q=%7B%7B%7B%7D%5B%7BtoString%3A%5B%5D.join%2Clength%3A1%2C0%3A%27proto%27%7D%5D.assign%3D%5B%5D.join%3B%27a%27.constructor.prototype.charAt%3D%5B%5D.join%3B%24eval%27x%3Dalert%5C%27XSSPOSED%5C%27%2F%2F%27%3B+%7D%7D Details: Description| Val...

6.3 AI score
Exploits 0
Openbugbounty
added 2017/10/07 4:54 p.m. | 15 views

teplogaz.com.ua XSS vulnerability

Vulnerable URL:...

6.3 AI score
Exploits 0
Openbugbounty
added 2017/10/07 10:1 a.m. | 16 views

klinikum-weimar.net XSS vulnerability

Vulnerable URL: http://www.klinikum-weimar.net/web/de/suche/suchen.php

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 05.01.2018
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 3313599
VIP website status: | No

Check klinikum-weimar.net SSL...

6.3 AI score
Exploits 0
Openbugbounty
added 2017/10/07 1:22 a.m. | 16 views

tubeid.co XSS vulnerability

Vulnerable URL: https://www.tubeid.co/search/videos//...

6.9 AI score
Exploits 0
Prion
added 2017/10/06 7:29 a.m. | 11 views

Cross-site request forgery (CSRF)

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing, for example, an attack against the query parameter to panel/database...

6.8 CVSS | 8.8 AI score | 0.00515 EPSS
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2017/10/05 12:0 a.m. | 31 views

Cisco IOS Software CIP Multiple Vulnerabilities (cisco-sa-20170927-cip)

According to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by multiple denial of service vulnerabilities in the Common Industrial Protocol (CIP) feature due to improper processing of unusual but valid CIP requests. An unauthenticated,...

7.8 CVSS | 7.4 AI score | 0.06938 EPSS
Exploits 0 | References 3
Carbon Black Blog
added 2017/10/03 5:0 p.m. | 50 views

Cb Defense October 2017 Release Speeds Up Your Response

During a response scenario, every minute counts. The faster you can complete your investigation, the faster you can start taking corrective action. That’s why this week we’re happy to announce the October 2017 update of Cb Defense, which improves search functionality within the Cb Defense console...

6.6 AI score
Exploits 0