5987 matches found
Atlassian JIRA 'Jira-importers-plugin' Cross-Site Request Forgery Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. Jira-importers-plugin is one of the plugins used to provide the core functionality of the Atlassian product. A cross-site request...
CVE-2017-18033
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various cross-site request forgery (CSRF) vulnerabilities...
CVE-2017-10282
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to...
Various Cross-site request forgery (CSRF) vulnerabilities in the Jira-importers-plugin - CVE-2017-18033
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various cross-site request forgery (CSRF) vulnerabilities...
Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2018-02269)
Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle. The platform provides middleware, software collections and other features. Oracle WebCenter Content is one of the enterprise content management solution...
New Relic: User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions
Details: The endpoints POST /v2/accounts/:accountid/alerts/conditions (create new) and PUT /v2/accounts/:accountid/alerts/conditions/:conditionid (update existing) on infrastructure-alert.service.newrelic.com are vulnerable to privilege escalation. As per the screenshot below, an account with regular...
"An error occurred during the Create Store Wizard. Please check the log in Event Viewer and try again" While Creating Store
The objective of this article is to solve the issue of StoreFront not being able to create Stores. Error Message: Here is the error message from the event log that is received when trying to create a new Store: System.UriFormatException: Invalid URI: The hostname could not be parsed. at...
Huawei P9 Elevation of Privilege Vulnerability
Huawei P9 is a smartphone from the Chinese company Huawei. Audio driver is one of the audio drivers. An elevation of privilege vulnerability exists in the Huawei P9. An unauthenticated attacker could use this vulnerability to bypass the phone activation step, enter the user management page and...
CVE-2017-2727
Huawei P9 smart phones with software versions earlier than EVA-AL00C00B365, versions earlier than EVA-AL10C00B365, versions earlier than EVA-CL00C92B365, versions earlier than EVA-DL00C17B365, versions earlier than EVA-TL00C01B365 have a privilege escalation vulnerability. An...
Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37743)
Horde Groupware is a free, enterprise-grade, browser-based collaboration suite. A cross-site scripting vulnerability exists in Horde Groupware 5.2.19. A cross-site scripting attack can be performed via the Color field in the "Create Task List" action, which can lead to remote code execution...
Cross site scripting
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
DEBIAN-CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
UBUNTU-CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2017-16907
In Horde Groupware, CVE-2017-16907 is a documented XSS in the Color field of a Create Task List action affecting Horde Groupware 5.2.19 and 5.2.21. Debian LTS advisories report fixes in php-horde-core (2.27.6+debian1-2+deb9u1) and php-horde (5.2.13+debian0-1+deb9u3) for Debian 9 stretch, indicati...
NethServer 7.3.1611 (create.json) CSRF Create User And Enable SSH Access
Description: The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Vendor...