453 matches found
CVE-2020-3233
CVE-2020-3233 describes a stored cross-site scripting (XSS) vulnerability in Cisco IOx Application Framework’s web-based Local Manager interface. An authenticated user with Local Manager credentials can inject malicious code via the System Settings tab due to insufficient input validation, leadin...
Cisco IOx Application Framework Arbitrary File Creation Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
[SECURITY] Fedora 32 Update: php-horde-horde-5.2.22-1.fc32
The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...
[SECURITY] Fedora 31 Update: php-horde-horde-5.2.22-1.fc31
The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...
[SECURITY] Fedora 30 Update: php-horde-horde-5.2.22-1.fc30
The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...
Fedora: Security Advisory for php-horde-horde (FEDORA-2020-fd8761fd13)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the Symfony software platform for developing and managing web applications stems from the lack of measures taken to neutralize special elements that could prevent unauthorized code from being implemented.
The vulnerability of the Symfony software platform for developing and managing web applications exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to inject arbitrary code remotely...
[SECURITY] [DLA 2175-1] php-horde-trean security update
Package : php-horde-trean Version : 1.1.1-2+deb8u1 CVE ID : CVE-2020-8865 Debian Bug : 955019 A directory traversal vulnerability resulting from insufficient input sanitization was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to execute code ...
Debian: Security Advisory (DLA-2162-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2162-1 : php-horde-form security update
A remote code execution vulnerability was discovered in the Form API component of the Horde Application Framework. An authenticated remote attacker could use this flaw to upload arbitrary content to an arbitrary writable location on the server and potentially execute code in the context of the we...
[SECURITY] Fedora 31 Update: php-horde-Horde-Form-2.0.20-1.fc31
The HordeForm package provides form rendering, validation, and other functionality for the Horde Application Framework...
Fedora: Security Advisory for php-horde-Horde-Form (FEDORA-2020-a55b70b4ab)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 30 Update: php-horde-Horde-Form-2.0.20-1.fc30
The HordeForm package provides form rendering, validation, and other functionality for the Horde Application Framework...
[SECURITY] Fedora 32 Update: php-horde-Horde-Form-2.0.20-1.fc32
The HordeForm package provides form rendering, validation, and other functionality for the Horde Application Framework...
Iskysoft Application Framework Service 2.4.3.241 - IsAppService Unquoted Service Path
Iskysoft Application Framework Service 2.4.3.241 - IsAppService Unquoted Service Path Exploit Title: Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path Discovery by: Alejandro Reyes Discovery Date: 2020-03-05 Vendor Homepage: https://www.iskysoft.us Software...
Iskysoft Application Framework Service 2.4.3.241 - (IsAppService) Unquoted Service Path Vulnerabilit
Exploit Title: Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path Discovery by: Alejandro Reyes Vendor Homepage: https://www.iskysoft.us Software Link : https://www.iskysoft.us/lp/filmora-video-editor/?gclid=EAIaIQobChMIo-WL-Z6h5wIVwR0YCh3O7QYsEAAYAiAAEgJmDBwE...
Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path
Exploit Title: Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path Discovery by: Alejandro Reyes Discovery Date: 2020-03-05 Vendor Homepage: https://www.iskysoft.us Software Link :...
The vulnerability of the Application Framework component of the Cisco Data Center Network Manager system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Application Framework component of the Cisco Data Center Network Manager system exists due to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality,...
CVE-2019-15982
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker wou...
Directory traversal
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker wou...