3790 matches found

CNVD
added 2018/03/14 12:0 a.m. | 2 views

WolfCMS Cross-Site Scripting Vulnerability (CNVD-2018-07056)

Wolf CMS is a lightweight content management system written in PHP. A stored cross-site scripting vulnerability exists in WolfCMS 0.8.3.1 in the Layout Name under the Layout tab. A low-privileged user can exploit this vulnerability to steal cookies from administrative users and compromise the...

CVSS 5.4 | AI score 6 | EPSS 0.00667
Exploits: 1 | References: 1

OpenVAS
added 2018/03/14 12:0 a.m. | 78 views

Microsoft Windows Multiple Vulnerabilities (KB4088787)

This host is missing a critical security update according to Microsoft KB4088787...

CVSS 7.8 | AI score 7 | EPSS 0.82459
Exploits: 46 | References: 45

OSV
added 2018/03/13 3:29 p.m. | 12 views

CVE-2018-1000084

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...

CVSS 5.4 | AI score 5.6
Exploits: 0 | References: 1

NVD
added 2018/03/13 3:29 p.m. | 11 views

CVE-2018-1000084

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...

CVSS 5.4 | AI score 5.4 | EPSS 0.00667
Exploits: 1 | References: 1

Prion
added 2018/03/13 3:29 p.m. | 13 views

Cross site scripting

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...

CVSS 3.5 | AI score 5.4 | EPSS 0.00667
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/03/13 3:0 p.m. | 15 views

CVE-2018-1000084

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...

AI score 5.4 | EPSS 0.00667
Exploits: 1 | References: 1

Tenable Nessus
added 2018/03/13 12:0 a.m. | 80 views

KB4088782: Windows 10 Version 1703 March 2018 Security Update

The remote Windows host is missing security update 4088782. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this...

CVSS 7.8 | AI score 8.3 | EPSS 0.82459
Exploits: 46 | References: 46

CNVD
added 2018/03/09 12:0 a.m. | 1 view

Linux kernel kernel security protection bypass vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A kernel security protection bypass vulnerability exists in the fdlockedioctl function in drivers/block/floppy.c in...

CVSS 5.5 | AI score 6.5 | EPSS 0.00694
Exploits: 1 | References: 1

BDU FSTEC
added 2018/03/06 12:0 a.m. | 3 views

The vulnerability of Adobe InDesign’s computer layout automation tool arises from an operation that goes beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 | AI score 8.4 | EPSS 0.0647
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2018/02/26 12:0 a.m. | 4 views

Schneider Electric IGSS SCADA Software Local Code Execution Vulnerability

Schneider Electric IGSS SCADA Software is a shared service platform for SCADA Data Acquisition and Supervisory Control systems from Schneider Electric France. A security vulnerability exists in Schneider Electric IGSS SCADA Software version 12 and earlier, which stems from incorrect security...

CVSS 7.8 | AI score 7.4 | EPSS 0.004
Exploits: 0 | References: 1

CNVD
added 2018/02/26 12:0 a.m. | 1 view

Microsoft Windows kernel local information disclosure vulnerability (CNVD-2018-05062)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the operating system kernels. An information disclosure vulnerability exists in the Microsoft Windows kernel. An attacker can exploit this vulnerability by logging on to an...

CVSS 4.7 | AI score 6.2 | EPSS 0.02435
Exploits: 3 | References: 1

OSV
added 2018/02/20 3:29 p.m. | 2 views

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

CVSS 7.2 | AI score 6.4
Exploits: 0 | References: 1

OSV
added 2018/02/20 3:29 p.m. | 2 views

CVE-2018-7205

Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts - Create devic...

CVSS 4.8 | AI score 6 | EPSS 0.00877
Exploits: 3 | References: 1

Prion
added 2018/02/20 3:29 p.m. | 15 views

Remote code execution

DISPUTED Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor ha...

CVSS 9 | AI score 7.2 | EPSS 0.05721
Exploits: 3 | References: 1 | Affected Software: 1

Prion
added 2018/02/20 3:29 p.m. | 20 views

Cross site scripting

DISPUTED Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts -...

CVSS 3.5 | AI score 5.2 | EPSS 0.00877
Exploits: 3 | References: 1 | Affected Software: 1

NVD
added 2018/02/20 3:29 p.m. | 22 views

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

CVSS 9 | AI score 7.3 | EPSS 0.05721
Exploits: 3 | References: 1

Cvelist
added 2018/02/20 3:0 p.m. | 22 views

CVE-2018-7205

Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts - Create devic...

AI score 5.2 | EPSS 0.00877
Exploits: 3 | References: 1

Cvelist
added 2018/02/20 3:0 p.m. | 26 views

CVE-2018-7046

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...

AI score 7.4 | EPSS 0.05721
Exploits: 3 | References: 1

CVE
added 2018/02/20 3:0 p.m. | 59 views

CVE-2018-7205

Kentico CMS versions 9–11 are affected by a reflected cross-site scripting (XSS) vulnerability in the Design/Device Layout feature (Edit device layout). The issue allows remote attackers to inject and execute arbitrary JavaScript via a malicious devicename parameter in links created through Pages...

CVSS 4.8 | AI score 5.2 | EPSS 0.00877
Exploits: 3 | References: 1 | Affected Software: 1

Positive Technologies
added 2018/02/20 12:0 a.m. | 3 views

PT-2018-17947

Name of the Vulnerable Software and Affected Versions: Kentico versions 9 through 11. Description: A Reflected Cross-Site Scripting issue allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link entered through specific screens, including "Pages - Edit...

CVSS 4.8 | AI score 5.1 | EPSS 0.00877
Exploits: 3 | References: 5