14 matches found
openVIVA c2 20220101 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting product: mb Support broker management solution openVIVA c2 vulnerable version: 20220801 CVE number: CVE-2022-39172 impact: Medium homepage:...
Kiddoware Kids Place Parental Control Android App 3.8.49 XSS / CSRF / File Upload Vulnerabilities
======================================================================= title: Multiple Vulnerabilities product: Kiddoware Kids Place Parental Control Android App vulnerable version: =3.8.49 fixed version: 3.8.50 or higher CVE number: CVE-2023-28153, CVE-2023-29078, CVE-2023-29079 impact: High...
B&R Systems Diagnostics Manager Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple XSS Vulnerabilities product: B&R Systems Diagnostics Manager vulnerable version: =3.00 and =D4.93 CVE number: CVE-2022-4286 impact: medium homepage:...
Moodle 3.x PHP Unserialize Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution via PHP unserialize product: Moodle - Open-source learning platform vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier...
DokuWiki 2018-04-22a Greebo Arbitrary Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: CSV Formula Injection product: DokuWiki vulnerable version: 2018-04-22a "Greebo" and older versions fixed version: None CVE number: CVE-2018-15474 impact: Medium homepage...
Zeta Producer Desktop CMS 14.2.0 Code Execution / File Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable version: =14.2.1 CVE number: CVE-2018-13981, CVE-2018-13980 impact: critical...
WSO2 Identity Server 5.3.0 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server 5.5.0 C...
Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection(CVE-2018-2660) / XSS(CVE-2018-2661)
Vendor description: ------------------- "Oracle is the unchallenged leader in Financial Services, with an integrated, best-in-class, end-to-end solution of intelligent software and powerful hardware designed to meet every financial service need." Source:...
I, Librarian PDF Manager 4.6 / 4.7 Command Injection / SSRF / Enumeration
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager vulnerable version: =4.6 & 4.7 fixed version: 4.8 CVE number: - impact: Critical homepage:...
Navetti PricePoint 4.6.0.0 XSS / CSRF / SQL Injection Vulnerabilities
Exploit for php platform in category web applications title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or higher CVE number: - impact: high/critical homepage: http://www.navetti.com/ found: 2016-07-18 by: W. Schober Office Vienna SEC...
TYPO3 CMS 2.0.3 Cross Site Scripting Vulnerability
TYPO3 CMS versions 2.0.3 and below suffer from a cross site scripting vulnerability. title: Cross Site Scripting XSS product: Recommend Page extension for TYPO3 CMS pbrecommendpage vulnerable version: =2.0.3 fixed version: - CVE number: - impact: Medium homepage: https://typo3.org/ found:...
Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption
SEC Consult has also released a blog post describing the attack scenarios of the vulnerabilities within this advisory in detail and a video which shows the remote attack. Exploit code has been developed as well but will not be released for now. Blog:...
Skybox Platform 7.0.611 - Multiple Vulnerabilities
Skybox Platform 7.0.611 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Skybox Platform vulnerable version: =7.0.611 fixed version: 7.5.401 CVE number: impac...
MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation
Mogwai Security Advisory MSA-2015-03 ---------------------------------------------------------------------- Title: iPass Mobile Client service local privilege escalation Product: Hewlett-Packard Universal CMDB UCMDB Affected versions: iPass Mobile Client 2.4.2.15122 Newer version might be also...