73 matches found
CVE-2020-3185
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient input validati...
Apache OFBiz 16.11.05 Cross Site Scripting
Exploit Title: Apache OFBiz v16.11.05 - Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 09 - December - 2018 Exploit Author: DKM Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://www.apache.org/dyn/closer.lua/ofbiz/apache-ofbiz-16.11.05.zip Version: v16.11.05 Test...
CVE-2016-10710
Biscom Secure File Transfer SFT 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix...
Debian DSA-3284-1 : qemu - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a gues...
Citrix XenServer Multiple Security Updates (CTX201145)
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to crash the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1...
Xen Denial of Service Vulnerability (CNVD-2015-03573)
Xen is an open source virtual machine monitor. Xen versions 3.3.x-4.5.x, fail to properly restrict write access to the host MSI message data field, which can be exploited by local x86 HVM client administrators to cause a denial of service unexpected outage and host crash...
UBUNTU-CVE-2015-4103
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service host interrupt handling confusion via vectors related to qemu and accessing spanning multiple fields...
xen-tools -- Potential unintended writes to host MSI message data field via qemu
The Xen Project reports: Logic is in place to avoid writes to certain host config space fields when the guest must nevertheless be able to access their virtual counterparts. A bug in how this logic deals with accesses spanning multiple fields allows the guest to write to the host MSI message data...
Multiple Cross-Site Scripting Vulnerabilities in IBM Business Process Manager
IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in Proce...
CVE-2013-4391
Integer overflow in the validuserfield function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow...
CVE-2013-4391
Integer overflow in the validuserfield function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow...
Integer overflow
Integer overflow in the validuserfield function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow...
Resource Management Errors
Overview Affected versions of this package are vulnerable to Resource Management Errors. Double free vulnerability in the prepareerroras function in doasreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers...