48 matches found
ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ADSelfService Plus versions 6210 and below. Due to a dependency on an outdated library, Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a...
Mozilla: libusrsctp library out of date
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...
AlmaLinux 9 : firefox (ALSA-2023:0285)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:0285 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox DataTransfer.setData...
RHEL 8 : firefox (RHSA-2023:0294)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0294 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 9 : firefox (RHSA-2023:0285)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0285 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:0112-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0112-1 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firef...
CVE-2022-46871
An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox 108...
DEBIAN-CVE-2022-46871
An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox 108...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security vulnerability that stems from the use of the outdated library libusrsctp...
Authentication flaw
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...
Folders Disclosure via Outdated jQueryFileTree Library
The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server PoC curl...
Folders Disclosure via Outdated jQueryFileTree Library
The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server curl...
UltimateWoo <= 0.1.10 - PHP Object Injection
The plugin is using an outdated library which is affected by a PHP Object Injection issue...
Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)
The original submission stated that the HT Slider Range for Amazon affiliates plugin for WordPress had a reflected XSS vulnerability. After investigation by the WPScan Team, the cause was found to be test files from the php-mod/curl library, which was missing appropriate response headers before outputtin...
CVE-2020-8155
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...
Cross site scripting
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...
CVE-2020-8155
CVE-2020-8155 is addressed in Nextcloud security updates across multiple distributions. OpenSUSE and Fedora advisories show Nextcloud updates (e.g., openSUSE-2020-670, openSUSE-2020-0670-1, FEDORA_2020-C9863904DE/NASLs) that fix CVE-2020-8155. The openSUSE entries describe CVE-2020-8155 as a dire...