3009 matches found
MediaWiki Multiple Vulnerabilities (Mar 2015) - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
asterisk -- Buffer overflow in CDR's set user
The Asterisk project reports: No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection...
CVE-2015-8622
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
The vulnerability of the McAfee VirusScan Enterprise anti-virus software allows an intruder to inject arbitrary Web or HTML code.
The vulnerability of the McAfee VirusScan Enterprise antivirus software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
Apache NiFi Remote Code Injection Vulnerability
Apache NiFi is an automated solution for data transfer between systems. Apache NiFi suffers from a remote code injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary code in the context of a user running in an affected application, with a failed attack resulting ...
CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...
Code injection
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service CPU consumption via a flood of ICMPv4 Port Unreachable packets...
CVE-2017-5010
Removed by vendor...
CVE-2017-5006
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
CVE-2015-8856
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...
CVE-2016-5204
CVE-2016-5204 affects Chromium-based browsers (Blink SVG image handling). The issue is a cross-site scripting (UXSS) vulnerability caused by SVG shadow DOM handling that can allow script/HTML injection via crafted pages. Desktop/chromium versions prior to 55.0.2883.75 (desktop) and 55.0.2883.84 (...
CVE-2016-5205
CVE-2016-5205 affects Blink in Chromium-based browsers (Chrome/Linux/Windows/Mac) and is a cross-site scripting flaw caused by deferred page-load handling, enabling UXSS via crafted HTML. Affected releases before version 55.0.2883.75 were addressed; advisories indicate upstream fixes in 55.0.2883...
BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability
Document Title: BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1901 | Release Date: 2017-01-10 | Vulnerability Laboratory ID (VL-ID): ...
Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability
Document Title: Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1900 | Release Date: 2017-01-09 | Vulnerability Laboratory ID (VL-ID): ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
CVE-2016-7954 affects Bundler 1.x, where a gem name collision on a secondary source can enable remote code execution in a Ruby application. The issue arises from multiple top-level source lines allowing a malicious gem with the same name as a legitimate gem to be pulled from a different source, a...
CVE-2016-7954
Removed by vendor...