2348 matches found
CVE-2020-9350
CVE-2020-9350 affects SAS Visual Analytics 8.5, where the Graph Builder’s graph template can be directly accessed and exploited to trigger cross-site scripting (XSS) in the user's browser. The vulnerability is associated with the graph generator/templating mechanism, enabling attacker-supplied co...
CVE-2020-9350
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly...
DEBIAN-CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...
UBUNTU-CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...
@rdfoo/rdf-parser-n3 (>=0.3.0 <=0.4.0), arca-ontodia (>=0.9.36 <=0.9.47) +63 more potentially affected by CVE-2019-10798 via rdf-graph-array (=0.3.0)
rdf-graph-array NPM version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on rdf-graph-array and may be impacted: - @rdfoo/rdf-parser-n3 =0.3.0, =0.9.36, =0.3.0, =0.0.2, =1.0.0, =0.1.1, =0.1.0, =1.0.0, =0.0.1-alpha.1, =0.1.0, =0.1.0, =0.5.0 and...
Prototype Pollution
Overview rdf-graph-array is a Graph implementation using arrays. Note: This package is no longer maintained. Affected versions of this package are vulnerable to Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype using a...
Microsoft Insider Risk Management and Communication Compliance in Microsoft 365 now generally available
Microsoft Insider Risk Management and Communication Compliance in Microsoft 365—now generally available—help organizations address internal risks, such as IP theft or code of conduct policy violations. The new Microsoft Insider Risk Management solution helps to quickly identify, detect, and act o...
Building on secure productivity
Among the most common and powerful attack vectors we have seen are those that exploit the daily tradeoff users make between security and productivity. Often, this can be as simple as a document hiding an exploit or a malicious link. As an industry, we’re used to thinking of security and...
UBUNTU-CVE-2014-6262
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...
PT-2020-1717 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue in Cacti's graph_realtime.php file is related to the lack of neutralization of special elements, which can be exploited by a remote attacker to execute arbitrary code by sending a specially crafted...
CVE-2019-19968
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content...
Cross site scripting
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content...
CVE-2019-19968
PandoraFMS 742 is affected by multiple stored XSS vulnerabilities in the Agent Management, Report Builder, and Graph Builder components. The root cause, as described across sources, is inadequate validation/sanitation of client data stored by the web application, which is later read and echoed in...
Debian DSA-4604-1 : cacti - security update
Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users. - CVE-2019-16723 Authenticated users may bypass authorization checks for viewing a graph by submitting requests with modified...
DEBIAN-CVE-2020-7106
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger t...
UBUNTU-CVE-2020-7106
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger t...
PT-2020-19374 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue concerns stored XSS in several PHP files, including data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php. This is...
Microsoft Office Graph Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Graph COM...
Pandora 7.0NG - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Pandora 7.0NG - Remote Code Execution Exploit Author: Askar @mohammadaskar2 CVE: CVE-2019-20224 Vendor Homepage: https://pandorafms.org/ Software link: https://pandorafms.org/features/free-download-monitoring-software/ Version:...