Lucene search

2022 matches found

CNVD
added 2017/04/26 12:0 a.m. | 2 views

LAquis SCADA dll Hijacking Vulnerability

LAquis SCADA is the tool and language for data collection, process supervision, industrial automation, storage and report generation for quality management and application development. LAquis SCADA suffers from a dll hijacking vulnerability. The vulnerability is caused due to the LAquis SCADA...

7 AI score
Exploits: 0

0day.today
added 2017/04/25 12:0 a.m. | 38 views

Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file...

6.4 AI score
Exploits: 0

CNVD
added 2017/04/21 12:0 a.m. | 2 views

Oracle Automatic Service Request Remote Vulnerability

Automatic Service Request (ASR) is an "Oracle Support Service" that provides automatic case generation in the event of common hardware component failures. A remote vulnerability exists in Oracle Automatic Service Request. An attacker can exploit the vulnerability to compromise the "ASR Manager"...

7.8 CVSS | 7 AI score | 0.01643 EPSS
Exploits: 0 | References: 1

0day.today
added 2017/04/20 12:0 a.m. | 78 views

Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF Vulnerabilities

Oracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability. Application: Oracle PeopleSoft. Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2. Vendor URL: http://oracle.com...

6.4 CVSS | 6.9 AI score | 0.02322 EPSS
Exploits: 5

CNVD
added 2017/04/17 12:0 a.m. | 1 views

China Knowledge CAJViewer reader suffers from dll hijacking vulnerability

China Knowledge CAJViewer Reader is a specialized full-text format reader for China Journal Network. China Knowledge CAJViewer Reader has a DLL hijacking vulnerability. The vulnerability is due to the CAJVieweru.exe component of China Knowledge CAJViewer Reader loading library files unsafely, an...

7.2 AI score
Exploits: 0

CNVD
added 2017/03/31 12:0 a.m. | 3 views

go-jose encryption issue vulnerability

go-jose is a standard method for implementing JavaScript object signing and encryption. A cryptographic issue vulnerability exists in go-jose that stems from the program failing to validate the cryptographic public key. An attacker can exploit this vulnerability to break the curve encryption...

9.1 CVSS | 9 AI score | 0.00188 EPSS
Exploits: 0 | References: 1

myhack58
added 2017/03/29 12:0 a.m. | 482 views

IIS 6.0 exposure remote code execution vulnerability CVE-2017-7269-vulnerability warning-the black bar safety net

Vulnerability description: Microsoft has confirmed the vulnerability: the ScStoragePathFromUrl function in the WebDAV service of IIS 6.0 on Windows Server 2003 R2 has a buffer overflow vulnerability, the remote attacker through to the “If: Since the opening the WebDAV service on the...

3 AI score | 0.94411 EPSS
Exploits: 39

NVD
added 2017/03/28 2:59 a.m. | 10 views

CVE-2016-9472

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narr...

5.4 CVSS | 5.4 AI score | 0.00379 EPSS
Exploits: 0 | References: 4

Prion
added 2017/03/28 2:59 a.m. | 10 views

Cross site scripting

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narr...

3.5 CVSS | 6.2 AI score | 0.00379 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Openbugbounty
added 2017/03/16 11:45 a.m. | 15 views

spessart-therme.de XSS vulnerability

Vulnerable URL: https://www.spessart-therme.de/suchergebnis.html?txindexedsearchsword=%22%3Etrolo%3Ci%3Etralala%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E Details: Patched: No; Latest check for patch: 28.07.2017; Vulnerability type: XSS; Vulnerability status:...

6.3 AI score
Exploits: 0

Microsoft CVE
added 2017/03/14 7:0 a.m. | 51 views

Windows Graphics Component Remote Code Execution Vulnerability

A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...

9.3 CVSS | 6.8 AI score | 0.36707 EPSS
Exploits: 1

Prion
added 2017/03/13 6:59 a.m. | 23 views

Cross site scripting

An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application...

4.3 CVSS | 6 AI score | 0.00301 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/03/10 10:59 a.m. | 23 views

CVE-2017-6506

In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 aka "Service ready" string...

9.8 CVSS | 9.9 AI score | 0.21599 EPSS
Exploits: 5 | References: 3

Cvelist
added 2017/03/10 10:29 a.m. | 29 views

CVE-2017-6506

In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 aka "Service ready" string...

9.9 AI score | 0.21599 EPSS
Exploits: 5 | References: 3

Prion
added 2017/03/09 7:59 p.m. | 10 views

Cross site scripting

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document...

4.3 CVSS | 5.9 AI score | 0.00298 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

Packet Storm
added 2017/03/03 12:0 a.m. | 49 views

WordPress VaultPress 1.8.4 Remote Code Execution / Man-In-The-Middle

VaultPress - Remote Code Execution via Man in The Middle attack. David Vaartjes, July 2016...

0.5 AI score
Exploits: 0

CNVD
added 2017/03/03 12:0 a.m. | 2 views

Atheme IRC Services Denial of Service Vulnerability

Atheme IRC Services is a portable and secure IRC service set that runs on many IRCs. A denial of service vulnerability exists in Atheme IRC Services. An attacker can exploit the vulnerability to launch a denial of service attack...

7.8 CVSS | 7.4 AI score | 0.01311 EPSS
Exploits: 0 | References: 1

ThreatPost
added 2017/03/02 1:3 p.m. | 14 views

132 Google Play Apps Booted For Having Malicious IFrames

Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...

7.1 AI score
Exploits: 0 | References: 3

0day.today
added 2017/03/02 12:0 a.m. | 87 views

X.org Privilege Escalation / Use-After-Free / Weak Entropy Vulnerabilities

Exploit for windows platform in category local exploits. Multiple Vulnerabilities in X.org. Overview: Vendor: X.org/Freedesktop.org; Vendor URL: https://www.x.org/wiki/; Credit: X41 D-Sec GmbH, Eric Sesterhenn; Advisory-URL:...

6.3 AI score | 0.001 EPSS
Exploits: 4

CNVD
added 2017/02/24 12:0 a.m. | 3 views

Virglrenderer Denial of Service Vulnerability (CNVD-2017-02435)

Virglrenderer is a library for maintaining API stability in Virgil 3d projects. A denial of service vulnerability exists in Virglrenderer. An attacker could exploit this vulnerability to launch a denial of service attack...

6.5 CVSS | 6.5 AI score | 0.00067 EPSS
Exploits: 0 | References: 1