SQL Injection Vulnerability in hdcmsv1.2 System
HDCMS is a content management system package written in PHP that uses MySQL as its database and provides complete functionality for rapid site development. A SQL injection vulnerability exists in HDCMS version 1.2; remote attackers can exploit the vulnerability to obtain...
DEBIAN-CVE-2018-12040
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...
OECMS Cross-Site Scripting Vulnerability
OEcms is an enterprise content management system (CMS). A cross-site scripting vulnerability exists in the 'mod' parameter of the info.php file in OEcms version 3.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Ximdex cross-site scripting vulnerability (CNVD-2018-14436)
Ximdex is a content and data management system. The system includes features such as an intelligent search engine, information aggregation, image and text recognition. A cross-site scripting vulnerability exists in the search page in Ximdex version 4.0. A remote attacker can exploit this...
Citrix XenMobile Server Cross-Site Scripting Vulnerability (CNVD-2018-10356)
Citrix XenMobile Server is a mobility management solution from Citrix Systems. The solution is capable of managing mobile devices, developing mobile policies and compliance rules, and providing insight into the operation of mobile networks. A cross-site scripting vulnerability exists in...
PbootCMS 'scode' Parameter SQL Injection Vulnerability
PbootCMS is an open source content management system (CMS) for enterprise site building, developed in PHP. A SQL injection vulnerability exists in PbootCMS version 1.0.9. A remote attacker can exploit this vulnerability by sending the 'scode' parameter to the...
CVE-2018-0583
Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
DEBIAN-CVE-2018-10992
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...
Code execution vulnerability in iXCache
iXCache is network application-layer cache acceleration engine software developed by PANA on the PanaOS operating system. A code execution vulnerability exists in iXCache. An attacker can obtain root privileges of the device by constructing a payload for remote command...
IBM Content Manager Cross-Site Scripting Vulnerability
IBM Content Manager is a multi-platform content management solution from IBM. IBM Content Manager Enterprise Edition is the enterprise version of IBM Content Manager. Resource Manager is one of the resource managers. A cross-site scripting vulnerability exists in Resource Manager in IBM Content...
Symantec Advanced Secure Gateway and ProxySG Cross-Site Scripting Vulnerability
Symantec Advanced Secure Gateway (ASG) and ProxySG are both security gateway appliances from Symantec USA. A cross-site scripting vulnerability exists in Symantec ASG and ProxySG. A remote attacker could exploit this vulnerability to inject arbitrary JavaScript code into the management console web...
Zulip Server Cross-Site Scripting Vulnerability (CNVD-2018-08599)
Zulip Server is an open source group chat application written in Python and based on the Django framework. A cross-site scripting vulnerability exists in Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2. A remote attacker can exploit this vulnerability to inject arbitrary web script...
Smartscript Solutions Domain Trader Cross-Site Scripting Vulnerability
Smartscript Solutions Domain Trader is a suite of domain name auction and domain parking software from Smartscript Solutions in the UK. A cross-site scripting vulnerability exists in Smartscript Solutions Domain Trader version 2.5.3. The vulnerability can be exploited by remote attackers to injec...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2018-07822)
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and the execution of scheduled tasks. A...
Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2018-08347)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in several pages i...
Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2018-07905)
Enhancesoft osTicket is an open source ticketing system from Enhancesoft in the U.S. A cross-site scripting vulnerability exists in the /scp/directory.php file in Enhancesoft osTicket versions prior to 1.10.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the...
cleanfax.com XSS vulnerability
Open Bug Bounty ID: OBB-592847

Description | Value
---|---
Affected Website: | cleanfax.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
QQQ SYSTEMS cross-site scripting vulnerability (CNVD-2018-07697)
QQQ SYSTEMS is a set of CGI scripts for creating quiz pages. A cross-site scripting vulnerability exists in QQQ SYSTEMS version 2.24. A remote attacker can exploit this vulnerability to inject arbitrary web scripts via the quizop.cgi file...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2018-06272)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
WampServer Cross-Site Scripting Vulnerability
WampServer is an integrated installation of Apache, MySQL and PHP for the Windows platform. A cross-site scripting vulnerability exists in WampServer version 3.1.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the 'virtualdel' parameter...