PT-2020-2509 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (affected versions not specified). Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow a remote attacker to conduct a...
Cross-site Scripting (XSS)
mailman is vulnerable to cross-site scripting (XSS). A cross-site scripting (XSS) flaw in the driver script of mailman prior to version 2.1.5 could allow remote attackers to execute scripts as other web users...
Zulip Desktop Cross-Site Scripting Vulnerability
Zulip Desktop is a desktop version of the team chat application from Zulip USA. A cross-site scripting vulnerability exists in Zulip Desktop versions prior to 4.0.3, which stems from the program validating user input incorrectly. A remote attacker could exploit the vulnerability to execute script...
CVE-2019-19371
A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could...
CVE-2019-8503
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website...
Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability (CNVD-2019-02781)
Microsoft Windows Server 2019 and others are a series of operating systems released by Microsoft Corporation, U.S.A. Active Directory Federation Services (AD FS) is an Active Directory Federation Service that runs on Windows systems. The service provides Web Single Sign-On (SSO) technology that enabl...
HP Performance Center Cross-Site Scripting Vulnerability
HP Performance Center is a suite of performance load testing software from Hewlett Packard Enterprise (HPE). A cross-site scripting vulnerability exists in HP Performance Center version 12.20, which stems from the program failing to filter user-submitted input. A remote attacker could use this...
CVE-2017-7678
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...
Mozilla Firefox MFSA has multiple vulnerabilities (CNVD-2017-04171)
Mozilla Firefox is an open source web browser. Multiple vulnerabilities exist in Mozilla Firefox. An attacker could use these vulnerabilities to bypass security restrictions to perform unauthorized operations, obtain sensitive information, execute arbitrary script code in the affected application's...
IBM BigFix Cross-Site Scripting Vulnerability
IBM BigFix (formerly known as IBM Endpoint Manager, Tivoli Endpoint Manager) is a suite of systems management software from the American company IBM. A cross-site scripting vulnerability exists in the BES Gather feature of the IBM BigFix platform, which can be exploited by remote attackers with the...
easyGB 2.1.1 Index.PHP Local File Include Vulnerability
No description provided by source. (Source: http://www.securityfocus.com/bid/26335/info) easyGB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...
Pickle 0.3 Download.PHP Local File Include Vulnerability
No description provided by source. (Source: http://www.securityfocus.com/bid/22703/info) picKLE is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...
Saskia's Shopsystem 'id' Parameter Local File Include Vulnerability
No description provided by source. (Source: http://www.securityfocus.com/bid/38574/info) Saskia's Shopsystem is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive informati...
webgrind 1.0 (file param) Local File Inclusion Vulnerability
Webgrind is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability
Overview: Hitachi Tuning Manager Software contains a cross-site scripting vulnerability. Impact: A remote attacker could make a user execute malicious scripts. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
RWiki cross-site scripting vulnerability
Overview: RWiki, software written in Ruby providing Wiki functions, contains a cross-site scripting vulnerability, as content is not adequately escaped for display. Impact: A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitra...
MS07-059: Vulnerability in Windows SharePoint Could Result in Elevation of Privilege (942017)
The remote host is running a version of SharePoint Server 2007 or SharePoint Services 3.0 that is vulnerable to a privilege elevation attack in the SharePoint site. An attacker may use this to execute scripts in the context of the SharePoint site.
WebIf - OutConfig Local File Inclusion
(Source: https://www.securityfocus.com/bid/24516/info) WebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...
Drake CMS 0.3.7 - 404.php Local File Inclusion
(Source: https://www.securityfocus.com/bid/23215/info) Drake CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute...
SQLiteManager 1.2 - Local File Inclusion
(Source: https://www.securityfocus.com/bid/22727/info) SQLiteManager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute loca...