Trend Micro OfficeScan Path Traversal and HTTP Header Injection Vulnerability

Trend Micro OfficeScan is prone to a path traversal and HTTP header injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

ClipBucket cross-site scripting vulnerability (CNVD-2016-06481)

ClipBucket is an open source video sharing software developed by Arslan team. The software allows you to share videos to video sites and supports the lights off effect when watching a movie. ClipBucket suffers from a cross-site scripting vulnerability. Because the program fails to properly filter...

Geeklog IVYWE edition contains a cross-site scripting vulnerability

Overview Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

ClipBucket vulnerable to cross-site scripting

Overview Clipbucket is open source video sharing script. ClipBucket contains a cross-site scripting CWE-79 vulnerability. Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

Multiple HTML Injection Vulnerabilities in Fortinet FortiCloud

Fortinet FortiCloud is a hosted security management and log retention service for the FortiGate product line. Multiple HTML injection vulnerabilities exist in Fortinet FortiCloud. Because the program fails to properly filter user input, an attacker could exploit the vulnerabilities to execute...

Multiple HTML Injection Vulnerabilities in Fortinet FortiVoice

The Fortinet FortiVoice phone system is designed to provide a simple, affordable and user-friendly package for handling intelligent calls. Multiple HTML injection vulnerabilities exist in Fortinet FortiVoice. Because the program fails to properly filter user-supplied input, an attacker could...

Foreman HTML Injection Vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman, which arises from the program's failure to adequately...

Red Hat Satellite HTML Injection Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. An HTML injection vulnerability exists in Red Hat Satellite version 6, whi...

Fortinet FortiManager and FortiAnalyzer Cross-Site Scripting Vulnerabilities

Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet, a centralized network security management solution; Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager is a centralized network security management solution; Fortinet...

Fortinet FortiManager and FortiAnalyzer Cross-Site Scripting Vulnerabilities (CNVD-2016-06377)

Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet, a centralized network security management solution; Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager is a centralized network security management solution; Fortinet...

WordPress plugin 13-moon synchronometer cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress plugin 13-moon synchronometer version 2.1.1 allows attacker...

WordPress plugin border-loading-bar cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress plugin border-loading-bar version 1.0 allows attackers ...

WordPress plugin analytics-counter cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress plugin analytics-counter version 3.2.0 allows attackers...

WordPress bwtf-waterquality plugin cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in version 2.1 of the WordPress bwtf-waterquality plugin, which...

Tenable Network Security Tenable Nessus Cross-Site Scripting Vulnerability (CNVD-2016-06082)

Tenable Network Security Tenable Nessus is an open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability exists in versions of Tenable Network Tenable Nessus prior to 6.8, which stems from the software failing to properly filter user-submitted input...

Multiple Vulnerabilities in Wordpress Event-Registration Plugin

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation.Event-Registratio is one of the plugins for managing registrations and payments online. HTML injection vulnerability and SQL injection vulnerability exists in the Wordpress Event-Registration plugin, which can ...

WordPress Bulletproof Security plugin cross-site scripting vulnerability (CNVD-2016-05861)

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation.BulletProof Security is one of the security plugins against brute force cracking. Cross-site scripting vulnerability exists in versions of the WordPress Bulletproof Security plugin prior to 0.53.4, which can be...

WordPress Brafton 'BraftonAdminPage.php' plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language.Brafton is one of the plugins that makes it easier for users to deploy WordPress sites. A cross-site scripting vulnerability exists in the WordPress Brafton plugin version 3.3.1, which ca...

LastPass has multiple vulnerabilities

LastPass LastPass Password Manager is a free cross-platform online password management tool from LastPass, Inc. in the United States. The tool can be integrated with browsers and provides them with password management, autofill forms and other features, support for random password generation,...

Wordpress ColorWay Theme Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites set up on PHP and MySQL servers.ColorWay theme is one of the plug-ins that support custom themes. A cross-site scripting vulnerability exists in WordPress...