CVE-2018-9997

Cross-site scripting XSS vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page wit...

Open-Xchange App Suite Cross-Site Scripting Vulnerability

Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to more intuitively manage email, tasks, files, etc. mail compose is one of the mail editing components. A cross-site scripting vulnerability exists in the mail compose...

Mail.ru: XSS touch.mail.ru compose Body

Domain, site, application -- touch.mail.ru Testing environment -- Mobile devices tested on Chrome for iPad Steps to reproduce -- login using Chrome in Chrome for iPad User-Agent https://touch.mail.ru/messages/sentmsg?Body=%3Cimg%20src%20onerror%3dalert1%3E Actual results -- alert1 Expected result...

Input validation

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxyssl directives are used...

CVE-2018-8059

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxyssl directives are used...

CVE-2018-8059

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxyssl directives are used...

CVE-2018-8059

CVE-2018-8059 concerns the Djelibeybi-based NGINX configurations used with SUSE Portus 2.3. The connected documents indicate the issue arises from a missing SSL certificate validation mechanism due to the absence of proxy_ssl_* directives in the relevant Djelibeybi configuration examples applied ...

CVE-2018-8059

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxyssl directives are used...

Mail.ru: Хранимая XSS ( API )

Stored XSS via saved signature in Mail.Ru Mail mail compose functionality...

CVE-2017-11349

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...

BASS Automated Signature Synthesizer: BASS

BASS Automated Signature Synthesizer BASS pronounced “bæs” is a framework designed to automatically generate antivirus signatures from samples belonging to previously generated malware clusters. It is meant to reduce resource usage of ClamAV by producing more pattern-based signatures as opposed t...

Artifex jbig2dec 'jbig2_image_compose' function integer overflow vulnerability

Artifex jbig2dec is an implementation for decoding JBIG2 streams in PDF files in Ghostscript and MuPDF. An integer overflow vulnerability exists in the 'jbig2imagecompose' function of the jbig2image.c file in Artifex jbig2dec version 0.13. An attacker can exploit this vulnerability with the help ...

DEBIAN-CVE-2017-7976

Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2imagecompose function in jbig2image.c during operations on a crafted .jb2 file, leading to a denial of service application crash or disclosure of sensitive information from process memory...

Lithium Forum - (Compose Message) SSRF Vulnerability

Document Title: =============== Lithium Forum - Compose Message SSRF Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2030 Release Date: ============= 2017-02-20 Vulnerability Laboratory ID VL-ID: ==================================== 2030...

Fome SMS Portal 2.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Fome SMS Portal Advanced - Bulk SMS Reseller v2.0 Script - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://ynetinteractive.com/ Software Buy:...

osquery Command And Control: Kolide

osquery Command And Control Kolide is an agentless osquery web interface and remote api server. Kolide uses the osquery remote apis to do ad-hoc distributed queries, osqueryd configurations and the collection and processing of scheduled queries packs. Kolide was designed to be extremely portable ...

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability in the mail/compose/ComposeActivity.java function of the AOSP Mail component in the Android operating system is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential informati...

Clair - Vulnerability Static Analysis for Containers

Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten...

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the compose function in the AOSP Mail component of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information through a specially creat...

CVE-2016-2458

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and...