Lucene search

6727 matches found

Prion
added 2020/05/26 6:15 p.m. · 24 views

Design/Logic Flaw

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

CVSS 5 · AI score 7.3 · EPSS 0.01351
Exploits 0 · References 2 · Affected Software 1
CVE
added 2020/05/26 5:2 p.m. · 182 views

CVE-2020-12391

CVE-2020-12391 affects Firefox up to version 76. The issue is that documents formed using data: URLs in an OBJECT element do not inherit the CSP of the creating context, which can allow the execution of scripts that should be blocked, albeit with a unique opaque origin. The description explicitly...

CVSS 7.5 · AI score 7.8 · EPSS 0.01351
Exploits 0 · References 2 · Affected Software 1
VulnCheck KEV
added 2020/05/18 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2017-7391

A Cross-Site Scripting (XSS) vulnerability was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...

CVSS 6.1 · AI score 6.6 · EPSS 0.08173
Exploits 0 · References 1
Tenable Nessus
added 2020/05/15 12:0 a.m. · 38 views

Security Update for Microsoft Power BI Report Server (May 2020)

A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments. An authenticated attacker could exploit the vulnerability by uploading a specially crafted payload and sending it to the user. The attacker who successfully...

CVSS 6.8 · AI score 6.9 · EPSS 0.02388
Exploits 0 · References 2
OSV
added 2020/05/14 2:15 a.m. · 2 views

CVE-2020-5577

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

CVSS 8.8 · AI score 7 · EPSS 0.01733
Exploits 0 · References 2
CNVD
added 2020/05/14 12:0 a.m. · 4 views

XWiki Platform Code Injection Vulnerability

XWiki Platform is a wiki platform from the French company XWiki for creating Web collaboration applications. A code injection vulnerability exists in XWiki Platform versions 7.2 through 11.10.2, fixed in versions 11.3.7, 11.10.3, and 12.0. An attacker can exploit the vulnerability to execute...

CVSS 9.9 · AI score 7.7 · EPSS 0.02152
Exploits 1 · References 1
Positive Technologies
added 2020/05/13 12:0 a.m. · 3 views

PT-2020-12529 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.16 TYPO3 CMS versions 10.0.0 through 10.4.1 Description: A same-site request forgery vulnerability has been discovered in the backend user interface and install tool of TYPO3 CMS. This vulnerability can be...

CVSS 8.8 · AI score 8.2 · EPSS 0.00699
Exploits 0 · References 20
Prion
added 2020/05/12 9:15 p.m. · 19 views

Code injection

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed in 11.3.7, 11.10.3 and 12.0...

CVSS 9 · AI score 8.7 · EPSS 0.02152
Exploits 1 · References 3 · Affected Software 1
Microsoft CVE
added 2020/05/12 7:0 a.m. · 37 views

Windows Print Spooler Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs...

CVSS 7.8 · AI score 3.5 · EPSS 0.01235
Exploits 0
Positive Technologies
added 2020/05/12 12:0 a.m. · 4 views

PT-2020-2477 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to a cross-si...

CVSS 5.4 · AI score 7.1 · EPSS 0.01626
Exploits 0 · References 9
OpenVAS
added 2020/05/12 12:0 a.m. · 51 views

Debian: Security Advisory (DLA-2208-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.7 · AI score 6.7 · EPSS 0.13625
Exploits 3 · References 3
Tenable Nessus
added 2020/05/12 12:0 a.m. · 44 views

Debian DLA-2208-1 : wordpress security update

Multiple CVEs were discovered in the src:wordpress package. CVE-2020-11026 Files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. CVE-2020-11027 A password...

CVSS 8.7 · AI score 6.8 · EPSS 0.13625
Exploits 3 · References 6
Packet Storm
added 2020/05/05 12:0 a.m. · 105 views

SimplePHPGal 0.7 Remote File Inclusion

Title: SimplePHPGal 0.7 - Remote File Inclusion Author: h4shur date:2020-05-05 Vendor Homepage: https://johncaruso.ca Software Link: https://johncaruso.ca/phpGallery/ Software Link: https://sourceforge.net/projects/simplephpgal/ Tested on: Windows 10 & Google Chrome Category : Web Application Bug...

AI score 7.4
Exploits 0
NVD
added 2020/04/30 11:15 p.m. · 21 views

CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVSS 8.7 · AI score 8.4 · EPSS 0.02092
Exploits 0 · References 4
OSV
added 2020/04/30 11:15 p.m. · 1 view

DEBIAN-CVE-2020-11030

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...

CVSS 5.4 · AI score 6.7 · EPSS 0.01437
Exploits 0 · References 1
OSV
added 2020/04/30 11:15 p.m. · 27 views

CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVSS 5.4 · AI score 6.5
Exploits 0 · References 4
UbuntuCve
added 2020/04/30 11:15 p.m. · 33 views

CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVSS 8.7 · AI score 6.9 · EPSS 0.02092
Exploits 0 · References 3
OSV
added 2020/04/30 11:15 p.m. · 1 view

UBUNTU-CVE-2020-11030

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...

CVSS 6.4 · AI score 6.7 · EPSS 0.01437
Exploits 0 · References 4
OSV
added 2020/04/30 11:15 p.m. · 1 view

UBUNTU-CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVSS 8.7 · AI score 6.9 · EPSS 0.02092
Exploits 0 · References 4
CVE
added 2020/04/30 10:15 p.m. · 253 views

CVE-2020-11026

CVE-2020-11026 affects WordPress; vulnerable in affected versions where uploading files with specially crafted names to Media can trigger script execution when the file is accessed. The issue requires an authenticated user with upload privileges. A patch was issued in WordPress 5.4.1, and all pre...

CVSS 8.7 · AI score 6.4 · EPSS 0.02092
Exploits 0 · References 4 · Affected Software 1