Unprotected Server Exposes Weight Watchers Internal IT Infrastructure
A critical server for popular weight-loss service Weight Watchers was left unprotected, allowing researchers to take a bite out of dozens of exposed S3 buckets containing company data and AWS access keys. Researchers at Kromtech Security said that they discovered a Weight Watchers Kubernetes...
[SECURITY] Fedora 27 Update: glpi-9.1.7.1-2.fc27
GLPI is the Information Resource Manager with an additional Administration Interface. You can use it to build up a database with an inventory of your company's computers, software, printers.... It has enhanced functions to make the daily life of administrators easier, like a job-tracking syst...
[SECURITY] Fedora 26 Update: glpi-9.1.7.1-2.fc26
GLPI is the Information Resource Manager with an additional Administration Interface. You can use it to build up a database with an inventory of your company's computers, software, printers.... It has enhanced functions to make the daily life of administrators easier, like a job-tracking syst...
CVE-2018-1202
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or...
Cross site scripting
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially...
Cross site scripting
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or...
Kentico SQL Injection Vulnerability
Kentico is an ASP.NET-based content management system (CMS) from the US company Kentico Software. The system consists of two main tools: Kentico CMS Desk is used to edit page content; Kentico CMS Controls is used to edit and control the various elements of a page. An...
Sql injection
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface...
CVE-2018-6843
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface...
CVE-2018-6843
CVE-2018-6843 affects Kentico CMS: versions prior to 10.0.50 and prior to 11.0.3 expose an SQL injection in the administration interface due to unsafe construction/validation of user input. The vulnerability can allow manipulation or disclosure of data via the back-end database when accessed thro...
PT-2018-17771
Name of the Vulnerable Software and Affected Versions: Kentico versions prior to 10.0.50; Kentico versions prior to 11.0.3. Description: The administration interface of Kentico has SQL injection. Recommendations: For Kentico versions prior to 10.0.50, update to version 10.0.50 or later. For Kentico...
Cisco Videoscape AnyRes Live Cross-Site Scripting Vulnerability
Cisco Videoscape AnyRes Live is a multi-format video encoder released by Cisco USA. A cross-site scripting vulnerability exists in the web-based administration interface of Cisco Videoscape AnyRes Live, which arises from the program's failure to adequately validate user-submitted input. A remote...
CVE-2018-6393
FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...
CVE-2017-3193
CVE-2017-3193 affects D-Link DIR-850L firmware 1.14B07 and 2.07.B05. A stack-based buffer overflow occurs in the web admin interface HNAP service. Exploitation involves sending a crafted POST to /HNAP1/ with modified HNAP_AUTH and SOAPAction headers, overflowing a buffer and potentially executing...
AXIS HTTP GET Heap Overflow
The remote AXIS device is affected by a heap overflow vulnerability in its web administration interface due to a flaw in the handling of special characters. An unauthenticated remote attacker can exploit this vulnerability for denial of service and possibly remote code execution. © Tenable Network...
CVE-2017-13700
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface...
Design/Logic Flaw
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface...
CVE-2017-13700
The CVE-2017-13700 entry affects MOXA EDS-G512E devices (firmware version 5.1, build 16072215). The vulnerability is a cross-site scripting (XSS) flaw in the device’s administration interface. The available documents do not specify root cause details beyond the XSS description, nor do they provid...