214 matches found
Cross-site Scripting (XSS)
grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS) attacks. The attack is due to lack of sanitization of the query string provided by the user in the search query, allowing an attacker to inject a malicious script...
CVE-2019-13646
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability...
Code injection
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...
CVE-2017-14853
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...
Information Disclosure
Oracle Java SE is vulnerable to information disclosure. This is because the LDAP component of OpenJDK fails to properly encode special characters in user names when adding them to an LDAP search query. Remote attackers could possibly use this flaw to manipulate LDAP queries performed by the...
Information Disclosure
redhat-ds-base is vulnerable to information disclosure attacks. The vulnerability exists as the Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a...
Denial of Service (DoS)
openldap is vulnerable to denial of service. An assertion failure and daemon exit occurs in slapd when an LDAP search query with attrsOnly set to true returns empty attributes. This allows a remote attacker to exploit the vulnerability to crash the process...
Red Hat 389 Directory Server Denial of Service (CVE-2018-10935)
A denial of service vulnerability exists in Nagios XI in the Lightweight Directory Access Protocol (LDAP) service. The vulnerability is due to improper processing of LDAP search queries. Successful exploitation of the vulnerability could cause the process to abnormally terminate...
Medium: 389-ds-base
Issue Overview: It was found that a specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service. CVE-2018-14648 Affected Packages: 389-ds-base Issue Correction: Run yum update...
Medium: 389-ds-base
Issue Overview: It was found that a specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service. CVE-2018-14648 Affected Packages: 389-ds-base Note: This advisory is applicable to...
CVE-2018-19092
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie...
Denial of service
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service...
CVE-2018-14648
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service...
UBUNTU-CVE-2018-14648
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service...
DEBIAN-CVE-2018-14648
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service...
CVE-2018-14648
It was found that a specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service...
Description of the security update for SharePoint Server 2013: July 10, 2018
Description of the security update for SharePoint Server 2013: July 10, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...