Design/Logic Flaw

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

CVE-2019-9673

Freenet 1483 is affected by a MIME-type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. The root cause is improper MIME-type handling, enabling code execution without user interaction. NVD lists CVSS v2 base score 6.8 (Network, Medium complexity) and CVSS v3 base scor...

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

GHSA-M734-R4G6-34F9 NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...

NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...

CVE-2017-11560

An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...

Microsoft Internet Explorer 11 - Sandbox Escape Exploit

Exploit for windows platform in category local exploits Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...

DEBIAN-CVE-2019-10067

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...

CVE-2019-10067

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

UBUNTU-CVE-2019-10067

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

DEBIAN-CVE-2019-10066

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

CVE-2019-10066

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...

Microsoft Internet Explorer 11 - Sandbox Escape

Microsoft Internet Explorer 11 - Sandbox Escape Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...

Microsoft Internet Explorer 11 - Sandbox Escape

Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...

CVE-2019-10066

Open Ticket Request System (OTRS) 7.x up to 7.0.6, Community Edition 6.0.x up to 6.0.17, and OTRSAppointmentCalendar 5.0.x up to 5.0.12 are affected by CVE-2019-10066. The issue allows an attacker who is logged in as an OTRS agent with appropriate permissions to craft a calendar appointment that ...

PT-2019-11414 · Otrs +2 · Otrs +2

Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.x through 7.0.6 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.35 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.17 Description: An issue w...

Microsoft SharePoint Server CVE-2019-0963 Cross Site Scripting Vulnerability

Description Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

Cross site scripting

Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL...