2672 matches found
Design/Logic Flaw
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button...
CVE-2017-7342
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button...
FreeBSD : wordpress -- multiple issues (15ee0e93-4bbb-11e9-9ba0-4c72b94353b5)
wordpress developers reports: Hosts can now offer a button for their users to update PHP. The recommended PHP version used by the Update PHP notice can now be filtered. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
CVE-2018-17493
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...
CVE-2018-17493
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...
Code injection
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...
CVE-2018-17493
CVE-2018-17493 is an eVisitorPass vulnerability (kiosk mode) where an error with the Fullscreen button allows a local attacker to gain elevated privileges. By visiting the kiosk and clicking the fullscreen control, an attacker could close the application and launch other processes on the system. ...
CVE-2018-17493
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...
Product update: Virtuozzo Infrastructure Platform 2.5 Update 4 (2.5.0-1614)
This update provides stability and usability fixes. Vulnerability id: VSTOR-14144, VSTOR-20526 Blink button in the admin panel was not working in some cases. Vulnerability id: VSTOR-20197 Unable to create network bonds. Vulnerability id: VSTOR-20232 Disk replacement occasionally does not allow to...
wordpress -- multiple issues
wordpress developers reports: Hosts can now offer a button for their users to update PHP. The recommended PHP version used by the Update PHP notice can now be filtered...
Mail.ru: [XSS] postMessage in jsapi/button
XSS via postMessage handler in o2.mail.ru...
Code injection
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice...
CVE-2019-8408
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice...
CVE-2019-8408
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice...
CVE-2019-8408
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice...
CVE-2018-1962
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658...
CVE-2018-1962
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658...
UBUNTU-CVE-2019-7346
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful...
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
River Past Ringtone Converter 2.7.6.1601 - Denial of Service PoC Exploit Title: River Past Ringtone Converter v2.7.6.1601 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.riverpast.com/ Software Link : http://www.riverpast.com/ Tested...
CVE-2018-17702
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...