Cross site scripting
A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another possibly privileged user. Affected database fields include...
CVE-2019-18347
DAViCal CalDAV Server (up to version 1.1.8) is affected by CVE-2019-18347 due to insufficient sanitization of unprivileged-set output fields (Username, Display Name, Email), enabling stored XSS that can execute JavaScript for another user. The issue is documented across multiple advisories; Debia...
CVE-2018-3913
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can...
CVE-2018-3913
Samsung SmartThings Hub STH-ETH-250 (Firmware 0.20.17) is affected by a stack-based buffer overflow in the video-core HTTP server’s shard data retrieval. The vulnerability arises from unconstrained strcpy copy operations when reading fields from the shard table (secretKey, accessKey, sessionToken...
EMC RSA Archer GRC Sensitive Information Disclosure Vulnerability
EMC RSA Archer GRC is an enterprise governance, risk and compliance product. EMC RSA Archer GRC stores passwords in plaintext, allowing remote attackers to access sensitive information by reading database fields...
Design/Logic Flaw
CVE-2015-4543
EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields...
CVE-2015-0981
The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors...
Bugzilla Vulnerability Exposes Bug Collections
Hundreds of open source software projects that make use of Bugzilla, Mozilla’s bug-tracking software, anxiously await a patch for a vulnerability that exposes private bugs collected by the system. Mozilla is today expected to make available a patch for the vulnerability in its account creation...
Omnis Studio 2.4 Weak Database Field Encryption Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/1255/info Omnis Studio 2.4 is a development tool for creating database applications. The tool gives developers the option to encrypt database entries. However, the encryption scheme used is weak and easily broken with any...
CVE-2000-0449
CVE-2000-0449 : Omnis Studio 2.4 uses weak encryption (trivial encoding) to protect database fields. The provided metrics assign a 10.0 base score (HIGH) with network attack vector and complete impact to confidentiality, integrity, and availability. No exploitation details, specific fixes, or rem...
CVE-2000-0449
Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields...