SAP GRC Remote Code Injection Vulnerability
SAP GRC is a suite of governance, risk management and compliance solutions from SAP Germany. SAP GRC suffers from a remote code injection vulnerability. It allows an attacker to inject arbitrary code...
Cross-site scripting vulnerability in phpLDAPadmin htdocs/entry_chooser.php file
phpLDAPadmin is a web-based LDAP client that allows easy management of LDAP servers. A cross-site scripting vulnerability exists in the htdocs/entry_chooser.php file in phpLDAPadmin 1.2.3 and earlier versions. A remote attacker can inject code with the help of the 'form', 'element', 'rdn' or...
Vulnerability in the software interface of the Android operating system's Framework that allows an attacker to inject arbitrary code
The vulnerability in the software interface of the Android operating system's Framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to inject arbitrary code remotely, using a local malware application...
Vulnerability in the software interface of the Android operating system's Framework that allows an attacker to inject arbitrary code
The vulnerability in the software interface of the Android operating system's Framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to inject arbitrary code remotely, using a local malicious application...
Vulnerability in the nscd library, which provides system calls and core functions of glibc, that allows an attacker to cause a service failure or inject malicious code
The vulnerability in the nscd library, which provides system calls and core functions of the glibc library, arises from incorrect reading of the internal buffer size. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures or inject code by running the...
Code injection
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304...
Cross site scripting
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter...
Logsign Remote Code Injection Vulnerability
Logsign is the next generation security information and event management solution for security intelligence, log management and easy compliance reporting. Logsign suffers from a remote code injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary script code with...
CVE-2017-9140
The CVE-2017-9140 issue affects Telerik Reporting for ASP.NET WebForms (Telerik.ReportViewer.WebForms.dll) prior to R1 2017 SP2 (11.0.17.406). It is a reflected XSS vulnerability exploitable via the bgColor parameter to Telerik.ReportViewer.axd, allowing attacker-controlled script/HTML execution ...
CVE-2015-9057
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm,...
CyberVision Kaa IoT Platform Remote Code Injection Vulnerability
CyberVision Kaa IoT Platform is a multi-purpose middleware platform for IoT from CyberVision USA that enables building complete end-to-end IoT solutions. The CyberVision Kaa IoT Platform suffers from a remote code injection vulnerability. An attacker can exploit this vulnerability to inject and...
CVE-2016-7841
Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2017-7897
A cross-site scripting (XSS) vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use o...
CVE-2017-7897
Summary: CVE-2017-7897 is an XSS vulnerability in MantisBT 2.3.x before 2.3.2, triggered via crafted PATH_INFO in URLs on the Timeline include page used by My View (my_view_page.php) and User Information (view_user_page.php). The root cause is unsanitized $_SERVER['PHP_SELF'] used to generate URL...
CVE-2016-4875
CVE-2016-4875 describes cross-site scripting (CWE-79) vulnerabilities in Geeklog IVYWE edition plugins: Assist (before 1.1.2.test20160906), dataBox (before 0.0.0.20160906), and userBox (before 0.0.0.20160906). The root cause is untrusted input that can be injected into administrator-facing contex...
Asterisk CDR Buffer Overflow Vulnerability (AST-2017-001)
Asterisk is prone to a buffer overflow vulnerability in CDR. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:digium:asterisk"; if...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
CVE-2017-7309
CVE-2017-7309 describes a cross-site scripting (XSS) vulnerability in MantisBT’s adm_config_report.php (Configuration Report) where the config_option parameter can be crafted to inject code. Affected software is MantisBT; the vulnerability arises from insufficient input validation on the configur...
CVE-2017-6973
CVE-2017-6973 relates to a cross-site scripting (XSS) vulnerability in MantisBT on the Configuration Report page (adm_config_report.php). The issue arises from insufficient sanitization of the crafted action parameter, allowing remote attackers to inject arbitrary code. The vulnerability is fixed...