3790 matches found
Information disclosure
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation...
CVE-2018-20484
CVE-2018-20484 affects Zoho ManageEngine ADSelfService Plus 5.7 before build 5702, with a cross-site scripting vulnerability in the self-update layout implementation. The issue is an XSS in the auto-update/deployment flow (build
DEBIAN-CVE-2018-20022
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple CWE-665: Improper Initialization weaknesses in VNC client code that allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak...
UBUNTU-CVE-2018-20023
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memor...
FUEL CMS Cross-Site Scripting Vulnerability (CNVD-2019-07076)
FUEL CMS is a content management system based on CodeIgniter. A cross-site scripting vulnerability exists in FUEL CMS 1.4.3, which can be exploited by an attacker to conduct a cross-site scripting attack via a title or body text in a layout variable during new page creation...
Cross site scripting
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI...
CVE-2018-20136
CVE-2018-20136 affects FUEL CMS 1.4.3, where an XSS flaw exists in the Header or Body within Layout Variables during new-page creation (demonstrated via pages/edit/1?lang=english). The root cause is input reflected in layout variables, enabling script injection. Impact is cross-site scripting; ex...
CVE-2018-8637
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Window...
KB4471324: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 Security Update
The remote Windows host is missing security update 4471324. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could...
Adobe Acrobat Reader DC Text Field Value Remote Code Execution Vulnerability
Summary: Specific JavaScript code embedded in a PDF file can lead to heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...
PT-2018-4583 · Harfbuzz +1
Name of the Vulnerable Software and Affected Versions: HarfBuzz versions prior to 1.0.4. Description: The issue allows remote attackers to cause a denial of service, resulting in an invalid read of two bytes and application crash. This is due to mishandling of GPOS and GSUB tables, related to file...
[SECURITY] Fedora 27 Update: pango-1.40.14-3.fc27
Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango can be used anywhere that text layout is needed, though most of the work on Pango so far has been done in the context of the GTK+ widget toolkit. Pango forms the core of text and font handlin...
FUEL CMS SQL Injection Vulnerability
FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.1 suffers from a SQL injection vulnerability that can be exploited by an attacker via the layout, published or searchterm parameters of pages/items...
CVE-2018-16762
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or searchterm parameter to pages/items...
USN-3750-1: Pango vulnerability
Jeffrey M. discovered that Pango incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...
The vulnerability of the Layout Tools component of the BI Publisher software, which is used for creating reports, allows a malicious individual to gain unauthorized access to protected data.
The vulnerability of the Layout Tools component of the BI Publisher reporting software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...
NetSpectre — New Remote Spectre Attack Steals Data Over the Network
A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed "NetSpectre," the new remote side-channel attack, which is related to Spectre...