Cisco Adaptive Security Appliance WebVPN Portal Cross-Site Scripting Vulnerability

Cisco Adaptive Security Appliances ASA, Adaptive Security Appliances Software is a set of firewall appliances from Cisco USA. The device also includes IPS Intrusion Prevention System, SSL VPN, IPSec VPN, anti-spam and other features. A cross-site scripting vulnerability exists in the Cisco Adapti...

QNAP Systems Signage Station Script Execution Vulnerability

QNAP Systems Signage Station is a suite of ad creation applications for QNAP NAS. A security vulnerability in QNAP Systems Signage Station allows a remote attacker to upload malicious files using predictable URLs and execute scripts in the files with administrator privileges...

FerretCMS 'admin.php' Cross-Site Scripting Vulnerability

FerretCMS is a content management system CMS based on PHP and MySQL. The system provides features such as page management, template management and user management. A cross-site scripting vulnerability exists in FerretCMS, which stems from the program's failure to adequately filter user-submitted...

Enhancesoft osTicket Arbitrary File Upload Vulnerability

Enhancesoft osTicket is a free and lightweight PHP-based question return system from Enhancesoft, USA. The system supports e-mail queries and more. An arbitrary file upload vulnerability exists in Enhancesoft osTicket. An attacker can exploit the vulnerability to upload and execute arbitrary...

IBM WebSphere Application Server XSS Vulnerability (swg21974520)

IBM WebSphere Application Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...

Script execution on Linux target fails with “Permission Denied” even when executed as root.

Challenge When interacting with Linux servers, Veeam Backup & Replication may encounter a "Permission Denied" error during script execution Pre-freeze, post-thaw, and repository data mover agent scripts, even when the account being used is the root user. Cause All script files are uploaded to and...

Vine MV vulnerable to cross-site scripting

Overview Vine MV contains a cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's web browser. Solution Updat...

HOME SPOT CUBE vulnerable to cross-site scripting

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site scripting vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

computercraft.info XSS vulnerability

Vulnerable URL: http://computercraft.info/wiki/thumb.php?f=xssposed%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...

markdown-it and NodeBB HTML Injection Vulnerabilities

markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...

Wordpress plugin iframe HTML injection vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. iframe plugin is a pop-up layer allowing external URLs to be loaded into the iframe page plugin . Wordpress...

Cross-site Scripting Vulnerability in uCosminexus Portal Framework and Groupmax Collaboration

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework and Groupmax Collaboration. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official...

Drupal Block Class Module HTML Injection Vulnerability

Drupal is the Drupal community maintained by a set of free, open source content management system developed in PHP. Block Class is one of the administrator through the Block configuration interface to add CSS to any Block module . An HTML injection vulnerability exists in Drupal Block Class modul...

Bugzilla cross-site scripting vulnerability (CNVD-2015-08476)

Bugzilla is the United States Mozilla Foundation developed a set of open-source defect tracking system , it can manage software development defects in the submission new, repair resolve, close close and so on the entire life cycle . A cross-site scripting vulnerability exists in Bugzilla versions...

Multiple Cross-site Scripting Vulnerabilities in EUR

Overview Multiple cross-site scripting vulnerabilities were found in EUR. Impact Remote users can exploit these vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Redmine Cross-Site Scripting Vulnerability

Redmine is a set of open source Web-based project management and defect tracking tools . A cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch other attacks...

WordPress Auto ThickBox Plus Plugin Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Auto ThickBox Plus is one of the thumbnail plugins used to automate the implementation of ThickBox. A cross-site scripting...

Microsoft Internet Explorer Arbitrary Web Script Execution Vulnerability

Microsoft Internet Explorer is a popular web browser introduced by Microsoft and bundled with the Windows operating system. A security mechanism bypass vulnerability exists in Microsoft Internet Explorer 11 that could allow a remote attacker to execute arbitrary web scripts with privileges via a...