403 matches found
Remote code execution
Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled...
CVE-2016-10568
CVE-2016-10568 affects geoip-lite-country (pre-1.1.4). The library downloads data resources over HTTP, creating vulnerability to man-in-the-middle attacks. Impact ranges from data modification/read to potential code execution depending on the data/resource behavior, per multiple sources. Mitigati...
tropentag.de XSS vulnerability
Open Bug Bounty ID: OBB-620183

| Description | Value |
|---|---|
| Affected Website: | tropentag.de |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

natumat.com.tw XSS vulnerability
Open Bug Bounty ID: OBB-616054

| Description | Value |
|---|---|
| Affected Website: | natumat.com.tw |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

fletchercollection.co.nz XSS vulnerability
Open Bug Bounty ID: OBB-609797

| Description | Value |
|---|---|
| Affected Website: | fletchercollection.co.nz |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

metaprogrammes.inra.fr XSS vulnerability
Open Bug Bounty ID: OBB-597139

| Description | Value |
|---|---|
| Affected Website: | metaprogrammes.inra.fr |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

bbs.creaders.net XSS vulnerability
Open Bug Bounty ID: OBB-595960

| Description | Value |
|---|---|
| Affected Website: | bbs.creaders.net |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

infoanime.com.br XSS vulnerability
Open Bug Bounty ID: OBB-591783

| Description | Value |
|---|---|
| Affected Website: | infoanime.com.br |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

avocat-dreptul-muncii.eu XSS vulnerability
Open Bug Bounty ID: OBB-583891

| Description | Value |
|---|---|
| Affected Website: | avocat-dreptul-muncii.eu |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

CVE-2018-6219
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data...
CVE-2018-6219
CVE-2018-6219 affects Trend Micro Email Encryption Gateway 5.5 (Build 1111.00). The vulnerability is an Insecure Update via HTTP where update communications are unencrypted, enabling a MITM attacker to eavesdrop on and tamper with update data. The connected documents corroborate that the issue is...
vrp-multicartes.fr XSS vulnerability
Open Bug Bounty ID: OBB-567683

| Description | Value |
|---|---|
| Affected Website: | vrp-multicartes.fr |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

medicalworldnews.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-527358

| Description | Value |
|---|---|
| Affected Website: | medicalworldnews.co.kr |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

lanmart.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-481639

| Description | Value |
|---|---|
| Affected Website: | lanmart.co.kr |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Disclosure Standard: | Coordinated Disclosure based... |

Foscam IP Video Camera CGIProxy.fcgi logOut Code Execution Vulnerability(CVE-2017-2878)
Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...
ManageEngine ServiceDesk Plus Multiple Vulnerabilities (Nov 2017) - Active Check
ManageEngine ServiceDesk Plus is prone to multiple arbitrary file download vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
control.emailmarketing.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-355490

| Description | Value |
|---|---|
| Affected Website: | control.emailmarketing.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | Open Redirect / CWE-601 |
| CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N |
| Remediation Guide: | OWASP Open Redirect Cheat... |

CVE-2017-10300
Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Siebel Business Service Issues). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM...
CVE-2017-10293
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks...
XiongMai uc-httpd Directory Traversal Vulnerability
XiongMai uc-httpd is a HTTP protection program for cameras and other products from XiongMai. A directory traversal vulnerability exists in XiongMai uc-httpd. A remote attacker can send a 'GET ... /' HTTP request to exploit the vulnerability to read arbitrary files...