7378 matches found
CVE-2018-6586
CA API Developer Portal 3.5 up to and including 3.5 CR6 contains a stored cross-site scripting vulnerability in profile picture handling due to insufficient input filtering. Impact is partial integrity loss via script execution in the context of the user viewing the affected portal. The CVE is co...
CVE-2018-6587
CA API Developer Portal versions 3.5 up to and including 3.5 CR6 are affected by a reflected cross-site scripting vulnerability in the widgetID variable. The root cause is insufficient filtering of user-submitted HTML code in the widgetID handling, enabling arbitrary script execution. CVSS metric...
PT-2018-17652 · Ca · Ca Api Developer Portal
Name of the Vulnerable Software and Affected Versions: CA API Developer Portal versions 3.5 up to and including 3.5 CR5 Description: The issue is related to a reflected cross-site scripting vulnerability in the apiExplorer. Recommendations: For CA API Developer Portal versions 3.5 up to and...
PT-2018-17651 · Ca · Ca Api Developer Portal
Name of the Vulnerable Software and Affected Versions: CA API Developer Portal versions 3.5 up to and including 3.5 CR6 Description: The issue is related to a reflected cross-site scripting vulnerability. This vulnerability is associated with the widgetID variable. Recommendations: For CA API...
PT-2018-17650 · Ca · Ca Api Developer Portal
Name of the Vulnerable Software and Affected Versions: CA API Developer Portal versions 3.5 up to and including 3.5 CR6 Description: The issue is related to a stored cross-site scripting vulnerability in the processing of profile pictures. Recommendations: For CA API Developer Portal versions 3.5...
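Joomla Core SQL Injection Vulnerability (CVE-2018-8045)
Author: NSFOCUS Source: CVE-2018-8045 Vulnerability overview For details of the vulnerability, see the NSFOCUS Security Threat Weekly Report, 2018 week 12. Joomla! Core SQL injection vulnerability: NSFOCUS ID: 39158 CVE ID: CVE-2018-8045 Affected versions: Joomla! Joomla! 3.5.0-3.8.5 Vulnerability commentary: Joomla is a website content management system developed in PHP with a MySQL database. Joomla! versions 3.5.0-3.8.5 lack type casting for a variable inside an SQL statement, resulting in an SQL injection vulnerability in the User Notes list view that can allow an attacker to access or modify data. The vendor has released an upgrade patch that fixes this...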
mobilejoomla, 2.1.24, malicious redirects
mobilejoomla, 2.1.24, malicious redirects. google adsense file added that may redirect all sites adsense revenue to the developer. File is not deleted on removing extension. Developer statement Extension Update Details Previously the free version of the Mobile extension added a file called ads.txt...
TinyFTP Daemon vulnerable to buffer overflow
Overview TinyFTP Daemon provided by Hisayuki Nomura is a FTP File Transfer Protocol server. TinyFTP Daemon contains a buffer overflow vulnerability CWE-121. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on December 5, 2017, it was judged that an...
PHP 2chBBS vulnerable to cross-site scripting
Overview PHP 2chBBS provided by Kagaminokuni is software that can be downloaded from the Internet. PHP 2chBBS is a bulletin board software that can be used by placing it on a website. PHP 2chBBS contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing...
KLA11210 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in .NET Core can be exploited remotely via specially...
JVN#87226910: WebProxy vulnerable to directory traversal
WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. Impact A remote attacker may create an arbitrary file on the server where the product is running. Solution...
JVN#56764650: ViX may insecurely load Dynamic Link Libraries
ViX provided by K_OKADA is a Graphics Viewer Software for Windows. ViX contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries contained in the same directory as an image file CWE-427. Impact Arbitrary code may be executed with the privileges of the...
chromium-browser: xss in interstitials
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page...
Oracle Database Server XML Developer Kit Component Unspecified Vulnerability
Oracle Database Server is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle Database Server Multiple Unspecified Vulnerabilities-04 (Mar 2018)
Oracle Database Server is prone to multiple unspecified security vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
JVN#56132776: Multiple vulnerabilities in Jubatus
Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 5.6
CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score: 6.8

Directory...
Cross site scripting
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code up to 64 characters into a text field in Designer Studio, after establishing context. Designer Studio is the...
CVE-2017-17478
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code up to 64 characters into a text field in Designer Studio, after establishing context. Designer Studio is the...
CVE-2017-17478
Pegasystems Pega Platform Designer Studio is affected by a Cross-Site Scripting (XSS) vulnerability (CVE-2017-17478). A user with developer credentials can insert up to 64 characters of malicious code into a text field in Designer Studio after establishing context, with the payload executing when...
CVE-2017-17478
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code up to 64 characters into a text field in Designer Studio, after establishing context. Designer Studio is the...