
9454 matches found

Openbugbounty
added 2020/09/09 7:53 a.m., 10 views

cis355.duraken.com Cross Site Scripting vulnerability OBB-1317265

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits: 0
Tenable Nessus
added 2020/09/08 12:0 a.m., 232 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0039)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially...

9.8 CVSS, 8 AI score, 0.02595 EPSS
Exploits: 2, References: 8
ICS
added 2020/09/08 12:0 a.m., 31 views

Siemens SIMATIC HMI Products (Update A)

1. EXECUTIVE SUMMARY. CVSS v3 6.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Siemens. Equipment: SIMATIC HMI. Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Primary Weakness. 2. UPDATE INFORMATION. This updated advisory is a...

9.8 CVSS, 10 AI score, 0.00422 EPSS
Exploits: 0, References: 11
Kaspersky
added 2020/09/02 12:0 a.m., 40 views

KLA12057 Multiple vulnerabilities in Cisco Jabber

Multiple vulnerabilities were found in Cisco Jabber. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: 1. OSI vulnerability in Cisco Jabber can be exploited remotely via specially crafted message t...

9.9 CVSS, 8.3 AI score, 0.05306 EPSS
Exploits: 0, References: 7
Github Security Blog
added 2020/09/01 9:24 p.m., 27 views

Cross-Site Scripting in md-data-table

All versions of md-data-table are vulnerable to cross-site scripting (XSS). This vulnerability is exploitable if an attacker has control over data that is rendered by mdt-row. Recommendation: As there is no fix for this vulnerability at this time we recommend either selecting another package to perfo...

2.6 AI score
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2020/09/01 6:15 p.m., 10 views

CVE-2020-6141

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...

9.8 CVSS, 9.9 AI score, 0.10825 EPSS
Exploits: 1, References: 1
Prion
added 2020/09/01 6:15 p.m., 13 views

SQL injection

An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.5 CVSS, 8.9 AI score, 0.01726 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2020/09/01 3:15 p.m., 5 views

CVE-2020-6124

An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8 CVSS, 7.3 AI score, 0.00392 EPSS
Exploits: 1, References: 1
Prion
added 2020/09/01 2:15 p.m., 13 views

SQL injection

An exploitable SQL injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.5 CVSS, 8.9 AI score, 0.00392 EPSS
Exploits: 1, References: 1, Affected Software: 1
Talos
added 2020/08/31 12:0 a.m., 92 views

OS4Ed openSIS login SQL injection vulnerability

Summary: An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: OS4Ed openSIS 7.3. Product URLs...

9.8 CVSS, 9.9 AI score, 0.10825 EPSS
Exploits: 1
Talos
added 2020/08/31 12:0 a.m., 100 views

OS4Ed openSIS CoursePeriodModal.php page multiple SQL injection vulnerabilities

Summary: Multiple exploitable SQL injection vulnerabilities exist in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions: OS4Ed openSIS 7...

8.8 CVSS, 8.1 AI score, 0.01726 EPSS
Exploits: 3
RedHat Linux
added 2020/08/26 10:11 a.m., 3 views

Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer

In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...

8.8 CVSS, 7.3 AI score, 0.00612 EPSS
Exploits: 0, References: 5
CNVD
added 2020/08/25 12:0 a.m., 1 views

Memory corruption vulnerability exists in WPS Office Campus Edition of Zhuhai Kingsoft Office Software Co. Ltd (CNVD-2020-56370)

WPS Office Campus is a lifetime free office software for teachers and students. A memory corruption vulnerability exists in WPS Office Campus Edition of Zhuhai Kingsoft Office Software Company Limited, which can be exploited by attackers to cause the program to crash...

7 AI score
Exploits: 0
Veracode
added 2020/08/20 2:26 a.m., 22 views

Information Disclosure

MySQL Server is vulnerable to information disclosure. An easily exploitable vulnerability allows a privileged user to affect the confidentiality of the application...

4.9 CVSS, 3.8 AI score, 0.00446 EPSS
Exploits: 0, References: 6, Affected Software: 1
Veracode
added 2020/08/20 2:26 a.m., 20 views

Denial Of Service (DoS)

MySQL Server is vulnerable to denial of service. An easily exploitable vulnerability allows a privileged user to affect the availability of the application...

6.5 CVSS, 4.5 AI score, 0.00658 EPSS
Exploits: 0, References: 12, Affected Software: 1
Veracode
added 2020/08/20 2:26 a.m., 26 views

Denial Of Service (DoS)

MySQL Server is vulnerable to denial of service. An easily exploitable vulnerability allows a privileged user to affect the availability of the application...

6.5 CVSS, 4.5 AI score, 0.00632 EPSS
Exploits: 0, References: 12, Affected Software: 1
Veracode
added 2020/08/20 2:25 a.m., 19 views

Denial Of Service (DoS)

MySQL Server is vulnerable to denial of service. An easily exploitable vulnerability allows a privileged user to affect the availability of the application...

4.9 CVSS, 4.5 AI score, 0.00394 EPSS
Exploits: 0, References: 6, Affected Software: 1
Zero Day Initiative
added 2020/08/19 12:0 a.m., 21 views

(0Day) Horde Groupware Webmail Edition Collection portal_layout Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within Collection.php. When parsing the portal_layout parameter, the process does no...

6.3 CVSS, 5.2 AI score
Exploits: 0
Prion
added 2020/08/12 2:15 p.m., 18 views

Cross site scripting

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Toke...

3.5 CVSS, 5.4 AI score, 0.00472 EPSS
Exploits: 3, References: 3, Affected Software: 1
ThreatPost
added 2020/08/11 8:2 p.m., 322 views

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules

Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges. The recently patched flaw CVE-2020-8708 ranks 9.6 out of 10 on the CVSS...

5.8 CVSS, 8.8 AI score, 0.25485 EPSS
Exploits: 1, References: 17