SAP Enterprise Portal Cross-Site Scripting Vulnerability

SAP Enterprise Portal is a set of enterprise portal based on NetWeaver system platform developed by SAP, which contains content management, single sign-on, knowledge management, collaborative work, full-text search and other modules. A cross-site scripting vulnerability exists in SAP Enterprise...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10727)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10725)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10723)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Multiple vulnerabilities in FortiPortal

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Multiple vulnerabilities in FortiPortal (CNVD-2017-10726)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

Pivotal RabbitMQ Product Cross-Site Scripting Vulnerability

Pivotal RabbitMQ and RabbitMQ for PCF are both products of the American company Pivotal Software. The former is a set of open source message broker software that implements the Advanced Message Queuing Protocol AMQP, and the latter is an open source messaging server used to support data monitorin...

JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Empirical Project Monitor - eXtended The...

Simple Snort Installation: Snorter

Simple Snort Installation Tricky script which mades Snort installation simply as a script execution is. The script installs: Snort : Open Source IDS. Barnyard2 : Interpreter for Snort unified2 binary output files. PulledPork : Snort rule management. WebSnort : Web Interface for PCAP analysis...

CVE-2017-6250

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...

Design/Logic Flaw

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...

CVE-2017-6250

NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...

CVE-2017-6250

CVE-2017-6250 affects NVIDIA GeForce Experience, specifically the NVIDIA Web Helper.exe component. The issue permits local code execution through untrusted script execution, per the CVSS3 base metrics (High impact on confidentiality, integrity, and availability; local attack vector with low compl...

CVE-2017-2140

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory...

CVE-2017-2140

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory...

CVE-2017-2140

CVE-2017-2140 affects Tablacus Explorer 17.3.30 and earlier. The root cause is improper handling of directory names, leading to a script injection vulnerability that allows arbitrary scripts to run in the context of the application. Impact stated: when a user accesses a crafted directory, an arbi...

Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe (repackaged Node.js)

Vulnerability Details The following section summarizes the vulnerability and CVSS risk assessment. CVE-2017-6250 NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code...

FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery

Exploit Title: XSRF Stored FlySpray 1.0-rc4 XSS2CSRF add admin account Date: 19/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT : https://www.openoffice.org Version: 1.0-rc4 Tested on: Windows 7 x64 SP1 / Kali Linux Description : A vulnerability has been discovered in Flyspray , which ca...

Palo Alto Networks PAN-OS Cross-Site Scripting Vulnerability (CNVD-2017-06109)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability due to the program failing to properly filter user-supplied input. An attacker could exploit the...

WordPress plugin "Booking Calendar" vulnerable to cross-site scripting

Overview The WordPress plugin "Booking Calendar" provided by wpdevelop contains a stored cross-site scripting vulnerability CWE-79. Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/C...