CVE-2016-6857
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote...
CVE-2016-6858
CVE-2016-6858 is a cross-site scripting (XSS) vulnerability in the SAP Hybris Management Console (HMC) Create Employee feature. The issue affects SAP Hybris releases listed as vulnerable (e.g., 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x ...
Rapid7 Nexpose Create Tags Page Cross-Site Scripting Vulnerability
Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. A cross-site scripting...
Cross site scripting
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another...
CVE-2016-7884
Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks...
CVE-2016-7883
Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks...
CVE-2016-7884
Adobe Experience Manager (AEM) versions 6.1 and earlier are affected by an input validation issue in the DAM create assets flow that could enable cross-site scripting. The problem is described in the CVE entry as an input validation flaw leading to XSS. The connected documents confirm the affecte...
MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)
The version of MySQL running on the remote host is 5.5.x prior to 5.5.54. It is, therefore, affected by multiple vulnerabilities: - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238) - An...
MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.17. It is, therefore, affected by multiple vulnerabilities: - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition...
MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.35. It is, therefore, affected by multiple vulnerabilities: - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition...
ug.kassir.ru XSS vulnerability
Open Bug Bounty ID: OBB-197632. Affected Website: ug.kassir.ru. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
DEBIAN-CVE-2016-7994
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands...
ALPINE-CVE-2016-9102
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number...
Bluemix Container Authorization Controls
Date: 09/12/2016. Author: Oscar Martinez. Tested on: cf version 6.22.1+6b7af9c-2016-09-24 / Docker version 1.12.3, build 6b644ec / API endpoint: https://api.ng.bluemix.net, API version: 2.54.0. Vendor: IBM. Software: bluemix...
Fedora 23 : phpMyAdmin (2016-7fc142da66)
phpMyAdmin 4.6.5.1 (2016-11-26): A patch-level release fixing two small issues: - an issue affecting a small number of users using $cfg['Servers'][$i]['hide_db'] or $cfg['Servers'][$i]['only_db']. - an issue affecting the create table dialog where the partition selection tool was...
Lepton Cross-Site Forgery Vulnerability
Lepton is a set of tools for lossless compression of JPEG format files. Lepton suffers from a cross-site forgery vulnerability that can be exploited by attackers to delete, create, or rename folders and files...
Create an AWS IAM User
This module will attempt to create an AWS (Amazon Web Services) IAM (Identity and Access Management) user with Admin privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/aws/client'...
LEPTON 2.2.2 - SQL Injection
LEPTON 2.2.2 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/ important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL...
Atutor Cross-Site Request Forgery Vulnerability
ATutor is an open source Web-based learning content management system (LCMS) developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site request forgery vulnerability exists in the /createcourse.php page in ATutor version 2.2.2,...
Nagios Network Analyzer create Cross-Site Request Forgery
A cross-site request forgery vulnerability exists in the create user interface of Nagios Network Analyzer. The vulnerability is due to a lack of CSRF protection on the user creation form in createuser.php. A remote, unauthenticated attacker can exploit this vulnerability by enticing an...