Lucene search

176 matches found

OSV
added 2022/05/17 1:31 a.m., 2 views

GHSA-52G6-PFRQ-RXFV Jenkins allows Cross-Site Scripting (XSS) in User Configuration

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...

CVSS 2.1 | AI score 6 | EPSS 0.05406
Exploits: 5 | References: 8
ICS
added 2022/04/12 12:0 a.m., 36 views

Siemens SIMATIC STEP 7 (TIA Portal)

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Siemens Equipment: STEP 7 TIA Portal Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve privilege escalation on the web server of certain devices configured by SIMATIC...

CVSS 7.8 | AI score 8.1 | EPSS 0.0023
Exploits: 0 | References: 11
Github Security Blog
added 2021/12/20 5:56 p.m., 27 views

GitLab auth uses full name instead of username as user ID, allowing impersonation

Impact Installations which use the GitLab auth connector are vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another GitLab user who is granted access to a Concourse team by having their full name listed under users in the team configuration or...

CVSS 10 | AI score 8.8 | EPSS 0.01217
Exploits: 0 | References: 4 | Affected Software: 2
CNVD
added 2021/06/04 12:0 a.m., 7 views

YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-40495)

YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed single-handedly by Yuan Zhimeng. The /admin/systemmanage/userconfigedit.html page in YzmCMS 5.8 has a cross-site scripting vulnerability that an attacker can use to inject...

CVSS 5.4 | AI score 6.1 | EPSS 0.00503
Exploits: 1 | References: 1
CNNVD
added 2021/06/03 12:0 a.m., 5 views

YzmCMS Cross-Site Scripting Vulnerability

YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed single-handedly by Yuan Zhimeng. The /admin/systemmanage/userconfigedit.html page in YzmCMS 5.8 has a cross-site scripting vulnerability that an attacker can use to inject...

CVSS 5.4 | AI score 5.4 | EPSS 0.00503
Exploits: 1 | References: 1
CNNVD
added 2021/02/03 12:0 a.m., 4 views

SolarWinds Serv-U FTP Server Authorization Issues Vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the US-based SolarWinds Corporation. A security vulnerability exists in SolarWinds Serv-U before 15.2.2 Hotfix 1, which stems from a directory containing a user configuration file which includes a user's password...

CVSS 7.1 | AI score 7.2 | EPSS 0.00468
Exploits: 1 | References: 2
OSV
added 2020/01/28 6:15 p.m., 1 view

UBUNTU-CVE-2020-5213

In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to...

CVSS 9.8 | AI score 6.4 | EPSS 0.01067
Exploits: 0 | References: 4
OSV
added 2020/01/14 5:16 p.m., 4 views

OPENSUSE-SU-2020:0057-1 Security update for singularity

This update for singularity fixes the following issues: - CVE-2019-19724: Fixed incorrect file permissions on user configuration and cache directories boo1159550...

CVSS 7.5 | AI score 9.1 | EPSS 0.01234
Exploits: 0 | References: 3
Symantec
added 2019/10/15 12:0 a.m., 42 views

Oracle Hyperion Financial Reporting CVE-2019-2959 Remote Security Vulnerability

Description Oracle Hyperion Financial Reporting is prone to a remote security vulnerability in Security Models. The vulnerability can be exploited over the 'HTTP' protocol. This vulnerability affects the following supported versions: 11.1.2.4 Technologies Affected Oracle Hyperion Financial...

AI score 0.5 | EPSS 0.00969
Exploits: 0 | References: 1 | Affected Software: 1
Symantec
added 2019/10/15 12:0 a.m., 48 views

Oracle Web Services CVE-2019-2907 Remote Security Vulnerability

Description Oracle Web Services is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'SOAP with Attachments API for Java' component is affected. This vulnerability affects the following supported versions: 12.2.1.3.0 Technologies Affected...

AI score 1 | EPSS 0.01232
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2019/10/15 12:0 a.m., 21 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Multiple Vulnerabilities (NS-SA-2019-0195)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sssd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the emp...

CVSS 5.5 | AI score 5.9 | EPSS 0.01122
Exploits: 0 | References: 3
CNVD
added 2019/07/09 12:0 a.m., 3 views

F5 BIG-IP Encryption Problem Vulnerability

F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP is affected by an encryption issue. An attacker could exploit this vulnerability to decrypt encrypted...

CVSS 5.5 | AI score 6.8 | EPSS 0.00371
Exploits: 0 | References: 1
OSV
added 2019/06/05 3:29 p.m., 3 views

CVE-2019-12542

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter...

CVSS 6.1 | AI score 6.3 | EPSS 0.06029
Exploits: 5 | References: 2
OSV
added 2019/05/23 6:29 p.m., 2 views

CVE-2017-11557

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request...

CVSS 5.3 | AI score 5.8 | EPSS 0.03696
Exploits: 1 | References: 4
Prion
added 2019/05/23 6:29 p.m., 14 views

Cross-site request forgery (CSRF)

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request...

CVSS 5 | AI score 5.2 | EPSS 0.03696
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2019/05/23 6:29 p.m., 18 views

CVE-2017-11557

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request...

CVSS 5.3 | AI score 5.2 | EPSS 0.03696
Exploits: 1 | References: 4
Veracode
added 2019/05/02 4:54 a.m., 8 views

Information Disclosure

kernel-rt is vulnerable to information disclosure. The vulnerability exists because the report API in the crypto user configuration API uses an incorrect C library function for copying strings...

CVSS 2.1 | AI score 6.6 | EPSS 0.00386
Exploits: 0 | References: 18 | Affected Software: 1
Prion
added 2019/04/30 8:29 p.m., 15 views

Cross-site request forgery (CSRF)

doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification...

CVSS 6.8 | AI score 8.6 | EPSS 0.00823
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2019/03/11 5:29 a.m., 1 view

CVE-2019-9661

Stored XSS exists in YzmCMS 5.2 via the admin/systemmanage/userconfigedit.html "value" parameter,...

CVSS 4.8 | AI score 5.8 | EPSS 0.00689
Exploits: 1 | References: 1
Fedora
added 2019/03/06 3:28 p.m., 12 views

[SECURITY] Fedora 28 Update: ignition-0.31.0-1.gitf59a653.fc28

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing regular files, systemd units, networkd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote UR...

AI score 2.1
Exploits: 0