8430 matches found
Microsoft Identity Manager Elevation of Privilege Vulnerability
Microsoft Identity Manager 2016 SP1 is a local identity management and access management solution from Microsoft Corporation USA. The solution supports synchronizing identities across directories, databases, and applications, and improves administrative security through policies, privileged acces...
CVE-2018-0908
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."...
CVE-2018-0908
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."...
Adobe Acrobat Pro DC ImageConversion EMF EMR_STRETCHBLT cxSrc Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC ImageConversion EMF EMR_EXTTEXTOUTA Options Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Reader DC XFA dashDot Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-1000078
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...
PT-2018-16934 · Quagga +3 · Quagga +3
Name of the Vulnerable Software and Affected Versions: Quagga versions prior to 1.2.3 Description: The issue arises from improper bounds checking of data sent with a NOTIFY to a peer when an attribute length is invalid. This can lead to arbitrary data from the bgpd process being sent over the...
NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
XSS in error message caused by alt and title image attributes...
CVE-2017-18175
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration aka Templateconfiguration, as demonstrated by the src attribute of an IMG element. This is fixed in 10.1...
CVE-2018-6506
Cross-Site Scripting XSS exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field...
miniBB Cross-Site Scripting Vulnerability
miniBB full name Minimalistic Bulletin Board is a free, open source Internet forum software. The software supports a variety of forum styles , multiple interface languages , multiple time zones , plug-ins and extensions , etc. Administrative Panel is one of the administrative panel . A cross-site...
UBUNTU-CVE-2018-6790
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element...
Dojo Toolkit Cross-Site Scripting Vulnerability
Dojo Toolkit is the Dojo Foundation an open source DHTML toolkit implemented in the JavaScript language . The toolkit is easy to build interactive user interface , Dojo's extension package can make the user's code easier to maintain , less coupling , etc. dijit.Editor is one of the WYSIWYG editor...
CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
Cross site scripting
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
DEBIAN-CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
jQuery Denial of Service Vulnerability
jQuery is an American programmer John Resig developed a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript , and has a modular , plug-in extensions and other features . A denial of service vulnerability exists in versions of...
GHSA-MHPP-875W-9CPV Denial of Service in jquery
Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition. Recommendation Upda...