Multiple Vulnerabilities in Cube Digital Media Neoscreen

The Cube Digital Media Neoscreen is a smart display from the French company Cube Digital Media. A security vulnerability exists in Cube Digital Media Neoscreen version 4.5. An attacker can exploit this vulnerability to execute arbitrary script code in the context of an affected site, steal...

Multiple Vulnerabilities in F-Secure KEY for Desktop

F-Secure KEY for Desktop is a password manager from the Finnish company F-Secure. A security vulnerability exists in F-Secure KEY for Desktop versions 4.3.101 through 4.3.129. An attacker can exploit the vulnerability to execute arbitrary script code in the context of the affected site, steal...

Huawei ISM Professional Cross-Site Scripting Vulnerability

Huawei ISM is a suite of device management software, cloud storage management software, and network storage management software from Huawei, China.Huawei ISM Professional is the professional version of Huawei ISM. A cross-site scripting vulnerability exists in Huawei ISM Professional that...

Multiple vulnerabilities in the Huge-IT Image Gallery extension for Joomla!

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds , site search and other features . Huge-IT Image Gallery is one of the image gallery extension plug-ins . A SQL injection vulnerability and a cross-site scripti...

Multiple Cross-Site Scripting Vulnerabilities in Zen Cart

Zen Cart is Zen Cart team developed an open source shopping cart system . Multiple cross-site scripting vulnerabilities exist in Zen Cart 1.5.4 and previous versions. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch other...

Wordpress BulletProof Security plugin cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation.BulletProof Security is one of the security plugins against brute force cracking. A cross-site scripting vulnerability exists in version 0.53.2 of the WordPress Bulletproof Security plugin. An attacker can...

LiteCart CMS 'order_id' Parameter Cross-Site Scripting Vulnerability

LiteCart CMS is a free PHP-based e-commerce content management system CMS. A cross-site scripting vulnerability exists in LiteCart CMS version 1.3.4. An attacker can exploit the vulnerability to execute arbitrary script code, steal cookie-based authentication and launch other attacks...

WordPress CloudFlare plugin has multiple cross-site scripting vulnerabilities

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language. cloudFlare is one of the CDN Content Delivery Network acceleration service plug-in. WordPress CloudFlare plugin version 1.3.20 has multiple cross-site scripting vulnerabilities. An attacker...

Multiple Cross-Site Scripting Vulnerabilities in Wowza Streaming Engine

Wowza Streaming Engine is powerful media server software that provides reliable and smooth high quality video and audio delivery to any device. Wowza Streaming Engine suffers from multiple cross-site scripting vulnerabilities by entering several parameters script before unverified. An attacker ca...

TYPO3 Formhandler Extension Cross-Site Scripting Vulnerability

TYPO3 is a Swiss TYPO3 Association maintains a free and open source content management system framework CMS/CMF. formhandler is one of the Web development form Form module extension plug-in . A cross-site scripting vulnerability exists in versions 2.3.1 and 2.0.2 of the TYPO3 Formhandler extensio...

Drupal Outline Designer Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Outline Designer is one of the user experience modules for library management. A cross-site scripting vulnerability exists in Drupal Outline Designer versions 7.x-2.x prior to 7.x-2.3,...

HTML Injection Vulnerability in Multiple Pivotal Products

Pivotal Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment.Pivotal Elastic Runtime is one of Pivotal Cloud Foundry's runtime environments. UAA User...

CloudBees Jenkins has multiple vulnerabilities

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . HTML...

CloudBees Jenkins has multiple vulnerabilities (CNVD-2016-04833)

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . HTML...

The vulnerability of Microsoft SharePoint’s electronic document management system, which allows a malicious individual to increase their privileges

The Microsoft SharePoint electronic document management program contains a vulnerability related to the improper filtering of specially crafted requests sent to the server. Exploiting this vulnerability allows a malicious user, after authenticating, to elevate their privileges by sending a...

PT-2016-5990 · Bosch Rexroth · Bladecontrol-Webvis

Name of the Vulnerable Software and Affected Versions: Rexroth Bosch BLADEcontrol-WebVIS versions 3.0.2 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors, potentially leading to...

The vulnerability of Google Chrome browser allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The use of this functionality after release in core/dom/ContainerNode.cpp, within the implementation of the object model for documents in Blink for Google Chrome, allows malicious actors who operate remotely to trigger service failures or exert other effects on the system by executing a script...

Vulnerability of Microsoft Lync Server software, allowing a remote attacker to compromise protected information

A cross-site scripting implementation that allows access to confidential information exists in Lync Server. This implementation is related to the improper processing browsing of specially crafted content. If it operates successfully, a malicious individual can execute scripts in the user’s browse...

OpenDocMan has multiple vulnerabilities

OpenDocMan is OpenDocMan project team developed an open source Web-based PHP document management system DMS. HTML injection and cross-site scripting vulnerabilities exist in OpenDocMan, which can be exploited by attackers to execute arbitrary script code, steal cookie-based authentication or...

Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2016-04309)

phpmyadmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in phpmyadmin versions 4.4.x and 4.6.x in the user permissions page and the user group function, which can be exploited by an attacker to execute arbitrary scripts across sites...