286 matches found
Automattic: [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}
Summary: Hello, I have found an XSS Reflected POST-Based on https://www.intensedebate.com/update/tumblr2/$id. The parameter $POST'txtCode' is reflected and is not sanitized. To trigger the XSS an attacker need to create a site and invite the victim in their own site and give then full permissions...
Trend Micro Apex One Access Control Error Vulnerability
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. An access control error vulnerability exists in Trend Micro Apex One, which can be exploited by an attacker to allow an unprivileged user t...
Trend Micro Apex One 安全漏洞
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. An access control error vulnerability exists in Trend Micro Apex One, which can be exploited by an attacker to allow an unprivileged user t...
ALBA-2020:5097 eclipse:rhel8 bug fix update
Eclipse is an integrated development environment IDE. The metadata for the eclipse:rhel8 module has been updated to remove the following unused profiles: c everything To check whether you have the obsolete profiles installed, run: yum module list eclipse The installed profiles have the i indicato...
eclipse:rhel8 bug fix update
Eclipse is an integrated development environment IDE. The metadata for the eclipse:rhel8 module has been updated to remove the following unused profiles: c everything To check whether you have the obsolete profiles installed, run: yum module list eclipse The installed profiles have the i indicato...
rhel8 bug fix update
An update is available for eclipse-emf, eclipse-ecf, apache-commons-compress, hamcrest, opentest4j, xz-java, google-gson, glassfish-el, icu4j, xmlgraphics-commons, jsch, felix-scr, apiguardian, junit, glassfish-jsp, lucene, jetty, junit5, apache-commons-jxpath, eclipse, univocity-parsers,...
KB4577586: Update for the removal of Adobe Flash Player: October 27, 2020
KB4577586: Update for the removal of Adobe Flash Player: October 27, 2020 Important notes Adobe Flash Player is out of support as of December 31, 2020. For more information, see Adobe Flash end of support on December 31, 2020. Applying this update will remove Adobe Flash Player from your Windows...
After Upgrading to iOS 14 And Opening MDX Wrapped Apps Prompt Displays - "Compliance Error - Your device is out of compliance...MDX Encryption is not supported"
After Upgrading to iOS14 and opening MDX Wrapped Apps or Citrix Secure Mail/Hub/Web Displays - "Compliance Error - Your device is out of compliance. Please contact your administrator. MDX Encryption is not supported beyond iOS 13. Please reinstall the app."...
GHSA-J3QQ-QVC8-C6G7 Malicious Package in foever
All versions of foever are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This packag...
Malicious Package in soket.js
All versions of soket.js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
Malicious Package in soket.io
All versions of soket.io are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
GHSA-5X7P-GM79-383M Malicious Package in regenraotr
All versions of regenraotr are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
Malicious Package in regenrator
All versions of regenrator are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
Malicious Package in axois
All versions of axois are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This package...
Tianmu MVC Web Management System Home Edition Has Arbitrary File Deletion Vulnerability
Tianmu MVC website management system is Pizhou Tianmu Network Technology Co., Ltd. developed a professional PHP + MYSQL products, the use of independent MVC framework, applicable to large and small and medium-sized enterprises of the open source MVC. Tianmu MVC website management system Home...
Arbitrary File Deletion Vulnerability in HisiPHP (CNVD-2020-48610)
HisiPHP is based on ThinkPHP5 + Layui development of a set of free WEB open source framework. HisiPHP has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete lock files , resulting in system reinstallation...
Apple CMS has a logic flaw vulnerability
Apple CMS program is a fast website building system that runs on PHP+MYSQL environment. Apple CMS has a logic flaw vulnerability that can be exploited by attackers to delete arbitrary files and cause a system reinstallation...
ZZCMS Buildable Product Merchandising Website Has Reinstallation Vulnerability
ZZCMS Buildable Product Merchandising Website is a PHP and MYSQL based CMS to quickly build product merchandising websites. The ZZCMS Buildable Product Merchandising Website has a reinstallation vulnerability that can be exploited by an attacker to overwrite the previous install.lock file,...
Harbin Weicheng Technology Co., Ltd. OurPHP has an arbitrary file deletion vulnerability
OurPHP is a PHP+MySQL based development of W3C-compliant website building system. Harbin Weicheng Technology Co., Ltd OurPHP has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any system files, and can further lead to the system being reinstalled...
Arbitrary file deletion vulnerability in Ridewind Multi-User PHP Statistics System V5.2 backend
Ride Multi-User PHP Statistics is a website traffic statistics system for web store statistics. Ridewind Multi-User PHP Statistics System V5.2 has an arbitrary file deletion vulnerability in the background, which can be exploited by attackers to delete files and cause system reinstallation...