6680 matches found
CVE-2016-4965
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...
MariaDB 10.1.0 < 10.1.17
The version of MariaDB installed on the remote host is prior to 10.1.17. It is, therefore, affected by a vulnerability as referenced in the 10.1.17 advisory. - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x...
ffcc.fr XSS vulnerability
Vulnerable URL:...
arcancil.com XSS vulnerability
Vulnerable URL: http://www.arcancil.com/fr/recherche?orderby=position=descquery=%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3Esearch=OK Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly...
SecNews: DOM based XSS in search functionality
Overview: Search query is inserted into the HTML of the page without proper encoding. Specifically, a single-quote is not HTML-encoded albeit escaped, even twice, which allows the attacker to break out of the HTML attribute and inject arbitrary tags. curl -s...
[SECURITY] Fedora 25 Update: php-horde-Horde-Core-2.26.1-1.fc25
These classes provide the core functionality of the Horde Application Framework...
CVE-2016-3898
Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug...
ultimate-guitar.com XSS vulnerability
Vulnerable URL: http://www.ultimate-guitar.com/search.php?approved1=1name=ugtname=mbtvccdk'%22alert'OPENBUGBOUNTY'...
Advanced ads Management <= 1.3 - Authenticated Stored Cross-Site Scripting (XSS)
Any authenticated user, including authors, can embed JavaScript via the 'HTML Codes' functionality when creating a new ad. Embedding JavaScript should be restricted to users with the 'unfiltered_html' capability...
Boozt Fashion AB: PHP info page disclosure on http://www.day.dk/
Hi, Boozt team. Description: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Steps to reproduce: 1. Go to http://www.day.dk/check.php An attacker can obtain information such as: • Exact PHP version. • Exact OS and its version...
BSNL Teracom Router Firmware Rewrite / Link Modification
Multiple Vulnerabilities in TERACOM ROUTER. Author: Ajay Gowtham aka AJOXR; Contact: gowtham.ajay5 at gmail.com; Vulnerability Type: Insecure Upload File Permissions; Affected Module: Upload Functionality; Criticality: Medium; Device Model: BSNL Teracom T2-B-Gawv1.4U10Y-BI is WiFi enabled ADSL2+...
forum.cosmogirl.com.tr XSS vulnerability
Vulnerable URL: http://forum.cosmogirl.com.tr/search.php?q="/alert/openbugbounty/...
sthelensreporter.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-177875; Affected Website: sthelensreporter.co.uk; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
datezone.com XSS vulnerability
Vulnerable URL: http://www.datezone.com/index.php?action=szukaj=proste=Szukaj=2para=parapartner==0celu=szukamcelcyberod=34do=34=oxk3g...
drink.ch XSS vulnerability
Vulnerable URL: http://www.drink.ch/de/catalogsearch/result/?q=%27...
FAQ: Rooted\Jailbroken Device Detection in XenMobile MAM Only Mode
Q: Can devices in XenMobile MAM only mode detect rooted\jailbroken devices? A: The jailbreak flag on the XenMobile server console, which shows whether a device is jailbroken or not, is only supported when the device is enrolled to MDM. The jailbreak flag is set by MDM and not by M...
Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities
Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities. Affected versions: Nagios Incident Manager...
Unsafe Query Generation Risk in Active Record
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact: Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...
CVE-2016-4253
The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors...
Information disclosure
The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors...