Foxit Reader and PhantomPDF Remote Command Execution Vulnerability

Foxit Reader is China's Foxit Foxit Software Corporation produced a small PDF document viewing and printing program, PhantomPDF is a commercial version. A remote command execution vulnerability exists in Foxit Reader and PhantomPDF that could be exploited to allow an attacker to execute arbitrary...

Fortinet FortiAnalyzer and FortiManager 'Filenames' HTML Injection Vulnerability

Fortinet FortiManager is a centralized network security management solution; Fortinet FortiAnalyzer is a centralized network security reporting solution. An HTML injection vulnerability exists in FortiAnalyzer and FortiManager 'Filenames' that could be exploited by an attacker to steal cookie-bas...

Foxit Reader and Foxit PhantomPDF Out-of-Bounds Read/Write Remote Command Execution Vulnerability

Foxit Reader is China's Foxit Foxit Software Corporation produced a small PDF document viewing and printing program, PhantomPDF is a commercial version. Foxit Reader and Foxit PhantomPDF have an out-of-bounds read/write remote command execution vulnerability that could be exploited by an attacker...

phpMyAdmin 4.0.10.x < 4.0.10.17 / 4.4.15.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities

Binary data 9538.prm...

Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Smart Call Home Transport Gateway could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this...

Cisco IP Phone 8800 Series XSS Vulnerability (cisco-sa-20160810-ip-phone-8800)

Cisco IP Phone 8800 Series are prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if descriptio...

Fotoware Fotoweb Cross-site Scripting Vulnerability

Fotoware Fotoweb is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cisco Meeting Server Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web bridge that offers video via a web interface of Cisco Meeting Server Software, formerly Acano Conferencing Server, could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web interface of an affected...

Microsoft Internet Explorer CVE-2016-3245 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script code in the context of the us...

Microsoft Edge and Internet Explorer XSS Filter CVE-2016-3273 Information Disclosure Vulnerability

Description Microsoft Edge and Internet Explorer are prone to an information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute...

phpMyAdmin 4.0.x < 4.0.10.15 / 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple XSS (PMASA-2016-11)

Binary data 9356.prm...

Microsoft Internet Explorer XSS Filter CVE-2016-3212 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. They can then execute arbitrary script code in the context of th...

WordPress Kento Post Viewer Counter Plugin Multiple Vulnerabilities

WordPress Kento Post Viewer Counter Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

TYPO3 Bookmark Toolbar XSS Vulnerability (TYPO3-CORE-SA-2016-006)

TYPO3 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

WordPress Same Origin Method Execution Vulnerability (May 2016) - Windows

WordPress is prone to same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress Same Origin Method Execution Vulnerability (May 2016) - Linux

WordPress is prone to same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer CVE-2016-0188 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script code in the context of the us...

PHPmongoDB CSRF And XSS Vulnerabilities

PHPmongoDB is prone to multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...

Piwik < 2.16.0 Unspecified XSS

The version of Piwik running on the remote host is prior to 2.16.0. It is, therefore, affected by an unspecified cross-site scripting XSS vulnerability due to a failure to properly validate input before returning it to users. An unauthenticated, remote attacker can exploit this, via a crafted...

Microsoft Edge Proxy Object Universal Cross Site Scripting Vulnerability

This vulnerability allows remote attackers to inject arbitrary script code into arbitrary domains on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...