3790 matches found
Kentico CMS 11 Cross Site Scripting
Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting Reflect Date: 18-02-2018 Software Link: https://www.kentico.com Exploit Author: Keerati T. CVE: CVE-2018-7205 Category: webapps 1. Description Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Marketing...
CVE-2018-6396
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=formmarkers action, or the map parameter in a layout=default action...
CVE-2017-9967
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) were not properly configured, resulting in weak security...
Security feature bypass
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) were not properly configured, resulting in weak security...
The vulnerability in the `mozilla::dom::ImageDocument::UpdateSizeFromLayout` function allows a hacker to trigger a service failure in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird.
The vulnerability of the mozilla::dom::ImageDocument::UpdateSizeFromLayout function in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after object release, resulting from manipulations of DOM objects when the “resize” event is called for the “image”...
WordPress: [support.wordcamp.org] - publicly accessible .svn repository
Hi Team, Found that .svn repo is publicly accessible. We can verify it by loading https://support.wordcamp.org/.svn/entries in any browser. This is very dangerous as an attacker may download entire source code. More details about this vulnerability provided here:...
Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-00517)
Microsoft Windows 10 and Windows Server Version 1709 are both products of Microsoft Corporation. Microsoft Windows 10 is a cross-platform operating system for PCs and laptops, tablets, and cell phones. Windows Server Version 1709 is a server operating system. Kernel is one of the kernels. Server...
Microsoft Windows Color Management Module Information Disclosure Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Color Management Module Icm32.dll is one of these color management modules. An information disclosure vulnerability exists in Color Management Module Icm32.dll in Microsoft Windows 7 SP1, Windows Serv...
Microsoft Windows Multiple Vulnerabilities (KB4056899)
This host is missing an important security update according to Microsoft KB4056899. OpenVAS Vulnerability Test $Id: gbmskb4056899.nasl 8364 2018-01-10 16:59:46Z gveerendra $ Microsoft Windows Multiple Vulnerabilities KB4056899 Authors: Shakeel Copyright: Copyright (C) 2018 Greenbone Networks GmbH,...
KB4056890: Windows 10 Version 1607 and Windows Server 2016 January 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4056890 or 4057142. It is, therefore, affected by multiple vulnerabilities: - A vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to...
KB4056899: Windows Server 2012 January 2018 Security Update
The remote Windows host is missing security update 4056899 or cumulative update 4056896. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory...
Foxit Reader XFA Layout Object pageSpan Method Remote Code Execution Vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the pageSpan method of the XFA Layout object in Foxit Reader version 8.3.1.21155, which stems from the program failing to properly validate user-submitted data. A remot...
Foxit Reader XFA Layout object page method remote code execution vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the page method of the XFA Layout object in Foxit Reader version 8.3.1.21155, which results from the program failing to properly validate user-submitted data. A remote...
Foxit Reader w-Method Remote Code Execution Vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the w method of the XFA Layout object in Foxit Reader version 8.3.1.21155, which is caused by the program failing to properly validate user-submitted data. A remote...
CVE-2017-14835
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pag...
CVE-2017-14837
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Type confusion
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Type confusion
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w...