Advantech WebAccess/SCADA suffers from a command execution vulnerability (CNVD-2020-58468)

Advantech WebAccess/SCADA is a suite of SCADA software based on a browser architecture. A command execution vulnerability exists in Advantech WebAccess/SCADA. An attacker could exploit the vulnerability to execute console commands...

Cisco Data Center Network Manager Stored Cross-Site Scripting (cisco-sa-20200219-dcnm-xss)

According to its self-reported version, Cisco Data Center Network Manager is prior to version 11.31 and is, therefore, affected by a cross-site scripting vulnerability in the web-based management interface due to insufficient validation of user-supplied input. An attacker could exploit this...

CVE-2020-3523 Cisco Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface...

[SECURITY] Fedora 31 Update: roundcubemail-1.4.8-1.fc31

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVE-2020-3406 Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface does not...

CVE-2020-3282 Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to...

Fedora: Security Advisory for roundcubemail (FEDORA-2020-aeffd92b77)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

X (Formerly Twitter): Denial of Service | twitter.com & mobile.twitter.com

Hi Team, Detail: I found a DoS that works on twitter.com and mobile.twitter.com, but it doesn't work on the mobile app. The user only needs to view the message or tweet in order to be exposed to this DoS. As far as I can remember, a report similar to this report has been sent to you before, but I...

[SECURITY] Fedora 31 Update: roundcubemail-1.4.6-1.fc31

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

Arbitrary File Deletion Vulnerability in WebAccess SCADA at Advantech (China) Co.

Advantech WebAccess SCADA is a browser-based SCADA software package for supervisory control, data acquisition and visualization. It is used to automate complex industrial processes in the context of remote operation. An arbitrary file deletion vulnerability exists in Advantech China WebAccess...

Advantech WebAccess Node Out-of-Bounds Read Vulnerability

Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition and visualization. It is used to automate complex industrial processes where remote operation is required. An out-of-bounds read vulnerability exists in Advantech WebAccess Node, which can be exploited ...

Advantech WebAccess/SCADA suffers from arbitrary file deletion vulnerability (CNVD-2020-29403)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. An arbitrary file deletion vulnerability exists in Advantech WebAccess/SCADA, which can be exploited by an attacker to delete arbitrary files from the server...

Advantech WebAccess/SCADA suffers from a command execution vulnerability (CNVD-2020-29400)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A command execution vulnerability exists in Advantech WebAccess/SCADA, which can be exploited by an attacker to execute malicious code...

Denial of Service Vulnerability in Advantech WebAccess/SCADA

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A denial of service vulnerability exists in Advantech WebAccess/SCADA, which can be exploited by an attacker to cause the program to crash...

Moderate: Red Hat Security Advisory: Red Hat CodeReady Workspaces 2.1.0 release

Red Hat CodeReady Workspaces 2.1.0 has been released. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...

$100K Paid Out for Google Cloud Shell Root Compromise

Google has awarded its inaugural annual top prize for the Google Cloud Platform GCP, for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...

Cisco Application Policy Infrastructure Controller Web-Based Management Interface Cross-Site Scripting Vulnerability (cisco-sa-20190501-apic-xss)

According to its self-reported version, Cisco Application Policy Infrastructure Controller APIC is affected by following vulnerability - A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker t...

CVE-2020-3159 Cisco Finesse Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Digital Network Architecture DNA Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based...