
3856 matches found

Veracode
added 2018/11/14 2:37 a.m., 29 views

Cross-Site Scripting (XSS)

Apache Struts is vulnerable to cross-site scripting. A lack of validation in the parameter name allows a remote attacker to inject arbitrary JavaScript through an error message. The vulnerability affects LookupDispatchAction, DispatchAction and ActionDispatcher...

4.3 CVSS, 8.7 AI score, 0.05047 EPSS
Exploits: 0, References: 11, Affected Software: 1

Veracode
added 2018/11/14 12:27 a.m., 26 views

Cross-Site Scripting (XSS)

Apache Struts is vulnerable to cross-site scripting. Lack of input validation and sanitization on the query string allows a remote attacker to inject arbitrary JavaScript into a victim's browser when the request handler generates an error message...

4.3 CVSS, 8.8 AI score, 0.25707 EPSS
Exploits: 1, References: 16, Affected Software: 1

CNVD
added 2018/11/14 12:0 a.m., 3 views

PAYFORT payfort-php-SDK cross-site scripting vulnerability

PayFort is an online payment gateway. payfort-php-SDK is the PayFort payment gateway SDK. A cross-site scripting vulnerability exists in Amazon PAYFORT payfort-php-SDK on 2018-04-26 and earlier versions, which can be exploited by an attacker via the error.php errormsg parameter to conduct a...

6.1 CVSS, 6.2 AI score, 0.00843 EPSS
Exploits: 1, References: 1

Prion
added 2018/11/12 5:29 a.m., 14 views

Path traversal

An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message...

5 CVSS, 5.2 AI score, 0.00937 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2018/11/09 1:29 a.m., 0 views

CVE-2017-1119

IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attack...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 2

Prion
added 2018/11/09 1:29 a.m., 14 views

Design/Logic Flaw

IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attack...

4 CVSS, 4.3 AI score, 0.01318 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2018/11/09 1:29 a.m., 18 views

CVE-2017-1119

IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attack...

4.3 CVSS, 4.3 AI score, 0.01318 EPSS
Exploits: 0, References: 2

Cvelist
added 2018/11/09 12:0 a.m., 19 views

CVE-2017-1119

IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attack...

4.3 CVSS, 4.3 AI score, 0.01318 EPSS
Exploits: 0, References: 2

Prion
added 2018/11/06 4:29 p.m., 19 views

Design/Logic Flaw

IBM Jazz based applications IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality...

4 CVSS, 4 AI score, 0.00976 EPSS
Exploits: 0, References: 2, Affected Software: 7

NVD
added 2018/11/06 4:29 p.m., 21 views

CVE-2018-1606

IBM Jazz based applications IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality...

4.3 CVSS, 4.1 AI score, 0.00976 EPSS
Exploits: 0, References: 2

Oracle linux
added 2018/11/06 12:0 a.m., 570 views

openssl security update

1.0.2k-16.0.1
- sha256 is used for the RSA pairwise consistency test instead of sha1
1.0.2k-16
- fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA
- fix incorrect error message on FIPS DSA parameter generation 1603597
1.0.2k-14
- ppc64le is not multilib architecture 1585004...

7.5 CVSS, 2.1 AI score, 0.49268 EPSS
Exploits: 1

Oracle linux
added 2018/11/05 12:0 a.m., 520 views

openssl security, bug fix, and enhancement update

1.0.2k-16.0.1
- sha256 is used for the RSA pairwise consistency test instead of sha1
1.0.2k-16
- fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA
- fix incorrect error message on FIPS DSA parameter generation 1603597
1.0.2k-14
- ppc64le is not multilib architecture 1585004...

7.5 CVSS, 2.1 AI score, 0.49268 EPSS
Exploits: 1

Prion
added 2018/11/04 5:29 a.m., 14 views

Unrestricted file upload

The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message...

6.5 CVSS, 9 AI score, 0.09489 EPSS
Exploits: 3, References: 2, Affected Software: 1

Citrix
added 2018/11/04 12:0 a.m., 8 views

Virtual Apps | Error "We can't sign in to your account"

...

7.2 AI score
Exploits: 0

Hacker One
added 2018/10/25 2:42 p.m., 16 views

Nextcloud: Gallery: No feedback for invalid password

CVSS: Low 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Description: The Gallery plugin does not inform a user when password-protecting a file failed in combination with the Password Policy plugin. Because of this, files that the user will rightfully assume to be...

7.1 AI score
Exploits: 0

Veeam
added 2018/10/23 6:40 p.m., 77 views

Replication Error: The name '{vmname}' already exists.

Challenge: Veeam Backup & Replication replication job fails with the following error message: Processing Error: The name 'replica' already exists. When the error above occurs within Veeam Backup & Replication the following correlating event can be found within the vSphere Events. Cause: This error...

6.8 AI score
Exploits: 0

Citrix
added 2018/10/17 12:0 a.m., 5 views

Citrix Receiver for Web: Error "Cannot complete your request"

Error messages: "Cannot complete your request" on browser when accessing Store for web...

7.2 AI score
Exploits: 0

NVD
added 2018/10/08 3:29 p.m., 11 views

CVE-2018-1753

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514...

4.3 CVSS, 4.3 AI score, 0.00976 EPSS
Exploits: 0, References: 2

Prion
added 2018/10/08 3:29 p.m., 11 views

Design/Logic Flaw

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514...

4 CVSS, 4.2 AI score, 0.00976 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/10/08 3:0 p.m., 42 views

CVE-2018-1753

CVE-2018-1753 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.6 (2.6.0.4), 2.7 (2.7.0.3), and 3.0 (3.0.0.1). The vulnerability arises from an error message that exposes sensitive information about the environment, users, or associated data. Impact is ...

4.3 CVSS, 4.6 AI score, 0.00976 EPSS
Exploits: 0, References: 2, Affected Software: 1