IBM Kenexa LMS on Cloud suffers from an unspecified cross-site scripting vulnerability (CNVD-2016-11290)
IBM Kenexa LMS on Cloud is a full-featured, configurable, enterprise-grade, social Learning Management System (LMS) with integrated social networking, collaboration, and knowledge sharing capabilities. IBM Kenexa LMS on Cloud suffers from an unspecified cross-site scripting vulnerability that stems...
IBM Resilient Cross-Site Scripting Vulnerability
IBM acquired Resilient Systems in order to enhance its security business and provide an automated response playbook to attacks. Resilient's platform will be combined with IBM's QRadar Intelligence Platform and will be integrated with the Blue Giant's security portfolio. IBM Resilient suffers from...
Multiple HTML Injection Vulnerabilities in Foreman
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. Foreman has multiple HTML injection vulnerabilities due to the program failing to adequately validate...
Drupal D8 Editor File upload module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. File is one of the file handling modules. A cross-site scripting vulnerability exists in the Drupal D8 Editor File upload module that stems from a failure to properly validate user inpu...
Drupal Views Send Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. The Views Send module enables you to send emails to multiple users from a single view. A cross-site scripting vulnerability exists in the Drupal Views Send module due to the program failing to...
CG-WLR300NX vulnerable to cross-site scripting
Overview: CG-WLR300NX, provided by Corega Inc, is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Palo Alto Networks PAN-OS Cross-Site Scripting Vulnerability (CNVD-2016-11098)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability due to the program failing to properly filter user-supplied input. An attacker could exploit the...
Foreman HTML Injection Vulnerability (CNVD-2016-11092)
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman 1.1 and later versions, which stems from the program...
HPE Network Node Manager i (NNMi) Cross-Site Scripting Vulnerability (CNVD-2016-11189)
HPE Network Node Manager i (NNMi) is a suite of network management software from Hewlett Packard Enterprise (HPE). The software unifies the management of network failures, availability, and performance in a single centralized console, and enables users to extend network uptime, improve performance, a...
HPE Network Node Manager i (NNMi) Cross-Site Scripting Vulnerability
HPE Network Node Manager i (NNMi) is a suite of network management software from Hewlett Packard Enterprise (HPE). The software unifies the management of network failures, availability, and performance in a single centralized console, and enables users to extend network uptime, improve performance, a...
Multiple IBM Rational Products Cross-Site Scripting Vulnerabilities
IBM Rational Team Concert and Rational Collaborative Lifecycle Management are collaborative lifecycle management solutions from IBM USA. IBM Rational DOORS Next Generation (RDNG) is a requirements management solution from IBM USA. IBM Rational Engineering Lifecycle Manager is a suite of engineering...
Arbitrary file upload vulnerability in earcms uplog.php
Ear Music is an open source PHP music system that combines a Discuz-style backend interface and a UCHome-style user center with a core built on a high-speed template engine, a caching mechanism, and other frameworks. earcms uplog.php has an arbitrary file upload vulnerability; attackers ca...
Microsoft Edge CVE-2016-7209 Spoofing Vulnerability
Description: Microsoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected: Microsoft Edge...
pacemaker: Privilege escalation due to improper guarding of IPC communication
An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on th...
CVE-2016-7095
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...
Design/Logic Flaw
Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...
CVE-2016-7095
Exponent CMS prior to version 2.3.9 is vulnerable to an attacker uploading a malicious script file via redirection to place it in an unprotected folder that allows script execution. This affects Exponent CMS 2.3.x and earlier components handling file uploads; impact includes potential code execut...
UBUNTU-CVE-2016-7035
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...