2244 matches found
CVE-2017-5191
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header...
ARM Trusted Firmware Integer Overflow Vulnerability
ARM Trusted Firmware is a set of interface standards that provide an ARMv8-A secure software implementation. A security vulnerability exists in ARM Trusted Firmware versions 1.2 and 1.3. An attacker could exploit the vulnerability to copy larger data to secure memory...
Synology Photo Station Security Bypass Vulnerability
Synology Photo Station is a Synology solution for sharing pictures, videos and blogs over the Internet. A security bypass vulnerability exists in Synology Photo Station versions prior to 6.3-2958. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending an...
SolarWinds Log and Event Manager Command Execution Vulnerability
SolarWinds Log and Event Manager LEM is a log and event manager from SolarWinds, Inc. that provides real-time log analysis, memory event correlation, and threat attack response. A security vulnerability exists in SolarWinds LEM versions prior to 6.3.1 Hotfix 4. An attacker can exploit the...
PT-2017-2348 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.3 Description: The issue is related to the mm subsystem in the Linux kernel, which does not properly enforce the CONFIG STRICT DEVMEM protection mechanism. This allows local users to read or write to kernel...
CVE-2016-8235
Privilege escalation in Lenovo Customer Care Software Development Kit CCSDK versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges...
CVE-2017-2404
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016...
Apple iOS Pasteboard Component Key Encryption Vulnerability
Apple iOS is an operating system for mobile devices developed by Apple Inc. Pasteboard is a secure and standardized mechanism for exchanging data within and between applications. A security vulnerability exists in the Pasteboard component of Apple iOS versions prior to 10.3. An attacker could...
Apple iOS Accounts Component Authentication Prompt Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices, and Accounts is one of the user account components. A security vulnerability exists in the Accounts component of Apple iOS versions prior to 10.3. The vulnerability can be exploited by an attacker to view an Apple ID fro...
Apple iOS DataAccess Component Input Validation Vulnerability
Apple iOS is a set of operating systems developed by Apple for mobile devices, of which DataAccess is a data access component. A security vulnerability exists in the DataAccess component in Apple iOS versions prior to 10.3. A remote attacker could exploit this vulnerability to access Exchange...
CVE-2017-6182
In Sophos Web Appliance SWA before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304...
CVE-2016-9737
IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1996200...
CVE-2017-6878
Cross-site scripting XSS vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name2 parameter to admin/column/delete.php...
Cagintranet Networks GetSimple CMS Information Disclosure Vulnerability
Cagintranet Networks GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A security vulnerability exists in Cagintranet Networks GetSimple CMS version 3.3....
CVE-2017-3815
An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prio...
Reflective cross-site scripting vulnerability in multiple parameters of DuoDuo Rebate System V8.3_UTF8 official version
DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuoRebate.com system V8.3UTF8 official version February 10, 2017 There is a reflective cross-site scripting vulnerability. Due to the code parameter , ddusername...
CVE-2017-6518
Cross-site scripting XSS vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter...
DEBIAN-CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
DEBIAN-CVE-2016-9139
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...
UBUNTU-CVE-2016-9139
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...