123 matches found
Inciga Web v2.8.2 - Cross Site Scripting Vulnerability
Document Title: =============== Inciga Web v2.8.2 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2273 Release Date: ============= 2022-04-07 Vulnerability Laboratory ID VL-ID: ==================================== 22...
CVE-2021-29719
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091...
Code injection
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 201091...
PT-2021-18430 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.0 Description: The issue is related to client-side vulnerabilities due to a web response specifying an incorrect content type. Recommendations: For IBM Cognos Analytics versions 11.1.7 through...
The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.
The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...
CVE-2010-4264
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side...
Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking
A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit,...
CVE-2020-24397
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...
CVE-2020-15588
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...
CVE-2019-18207
In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page...
PT-2019-16914 · Ibm · Ibm Cloud Automation Manager
Name of the Vulnerable Software and Affected Versions: IBM Cloud Automation Manager version 3.1.2 Description: The issue allows a malicious user on the client side, with access to the client computer, to run a custom script. Recommendations: For IBM Cloud Automation Manager version 3.1.2, conside...
Trint Ltd: Insecure Zendesk SSO implementation by generating JWT client-side
Summary: app.trint.com implements SSO to Zendesk, it does this by using JWT as described at https://support.zendesk.com/hc/en-us/articles/203663816-Enabling-JWT-JSON-Web-Token-single-sign-on This functionality has not been implemented securely because the JWT generation happens in the client-side...
Acadmic Microsoft - (API) Filter Cross Site Vulnerability
Document Title: =============== Acadmic Microsoft - API Filter Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2056 MSRC ID: 0001010174 Release Date: ============= 2018-01-20 Vulnerability Laboratory ID VL-ID:...
Composr CMS v10.0.0 - Cross Site Scripting Vulnerability
Document Title: =============== Composr CMS v10.0.0 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2066 Release Date: ============= 2017-06-08 Vulnerability Laboratory ID VL-ID: ====================================...
Wordpress Contentive Theme - Cross Site Web Vulnerability
Document Title: =============== Wordpress Contentive Theme - Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2065 Release Date: ============= 2017-05-22 Vulnerability Laboratory ID VL-ID: ====================================...
Microsoft (MEPN EDU) - Client Side Cross Site Vulnerability
Document Title: =============== Microsoft MEPN EDU - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1930 MSRC ID: 34153 TRK: 0497000318 Release Date: ============= 2016-12-14 Vulnerability Laboratory ID VL-ID:...
Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability
Document Title: =============== Cyberoam iview UTM v0.1.2.7 - Ajax XSS Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1850 Cyberoam ID: 1059276 Security ID: NCR-2064 Release Date: ============= 2016-10-03 Vulnerability Laboratory ID...
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
Document Title: =============== Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1891 Release Date: ============= 2016-07-31 Vulnerability Laboratory ID VL-ID: ==================================...
The vulnerability of WebSphere Application Server application servers allows attackers to inject arbitrary Web or HTML code.
The vulnerability of the OpenID Connect client-side web application server provided by WebSphere Application Server exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using ...
Security update for glibc (critical)
This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...