3632 matches found
Denial of Service in PAN-OS Management Web Interface
Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. Ref PAN-93089, CVE-2018-8715 A specially crafted HTTP POST request with an invalid “If-modified" header...
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
Cross site scripting
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
[SECURITY] Fedora 28 Update: curl-7.59.0-5.fc28
curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2016-6565
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some...
Code injection
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some...
CVE-2016-6565 The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some...
CVE-2018-1000550
CVE-2018-1000550 – Sympa directory traversal in wwsympa.fcgi template editing . The Sympa project (Sympa Community) confirms a vulnerability in the template editing function of wwsympa.fcgi that could allow an attacker to create or modify files on the server filesystem. Exploitation is possible v...
Tapplock Smart Lock Insecure Direct Object Reference
The server http://api.tapplock.com/ which servers as the api server for the tapplock smart lock is vulnerable to multiple authorization bypasses allowing horizontal escalation of privileges which could lead to the disclosure of all the info of all users and total compromise of every lock. The...
VX Search HTTP POST Request Handling Remote Stack Buffer Overflow
VX Search product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include'compat.inc'; if...
Sync Breeze HTTP POST Request Handling Remote Stack Buffer Overflow
Sync Breeze product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...
Disk Sorter HTTP POST Request Handling Remote Stack Buffer Overflow
Disk Sorter product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...
Disk Savvy HTTP POST Request Handling Remote Stack Buffer Overflow
Disk Savvy product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...
Siaberry 1.2.2 - Command Injection Vulnerability
Exploit for hardware platform in category web applications Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying a...
Cross site scripting
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
CVE-2018-0356
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
CVE-2018-0357
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
CVE-2018-0354
The CVE-2018-0354 issue affects Cisco Unity Connection, specifically the web framework. It stems from insufficient input validation for parameters passed via HTTP GET/POST, enabling an unauthenticated, remote attacker to trigger cross-site scripting (XSS) in a user’s browser when a user follows a...