CVE-2017-15610
An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the...
CVE-2017-14956
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...
Cross site request forgery (csrf)
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizardemail.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address...
Unspecified Vulnerability in Oracle Hospitality Simphony (CNVD-2017-31506)
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. Oracle Hospitality Simphony is one of the cloud-based mobile food and beverage sales components of the solution, which provides human resource cos...
Unspecified Vulnerability in Oracle Hospitality Simphony (CNVD-2017-31509)
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. Oracle Hospitality Simphony is one of the cloud-based mobile food and beverage sales components of the solution, which provides human resource cos...
Unspecified Vulnerability in Oracle Hospitality Simphony (CNVD-2017-31507)
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. Oracle Hospitality Simphony is one of the cloud-based mobile food and beverage sales components of the solution, which provides human resource cos...
AlienVault USM Cross-Site Request Forgery Vulnerability
AlienVault USM is a set of security management platforms from AlienVault USA. The platform provides security monitoring, security event management and reporting, threat awareness system and other functions. A cross-site request forgery vulnerability exists in AlienVault USM 5.4.2 and earlier...
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
AlienVault Unified Security Management USM 5.4.2 - Cross-Site Request Forgery 1. ADVISORY INFORMATION ======================= Product: AlienVault USM Vendor URL: https://www.alienvault.com Type: Cross-Site Request Forgery CWE-253 Date found: 2017-09-22 Date published: 2017-10-13 CVSSv3 Score: 6.5...
WordPress cp-contact-form-with-paypal plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP; it supports setting up a personal blog site on servers running PHP and MySQL. cp-contact-form-with-paypal, aka the CP Contact Form with PayPal plugin, is one of its payment plugins. A cross-site...
CVE-2017-14369
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records...
Description of the security update for SharePoint Foundation 2013: October 10, 2017
Description of the security update for SharePoint Foundation 2013: October 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
EMC RSA Archer product elevation of privilege vulnerability
The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments, and defects across your business. An elevation of privilege vulnerability exists in RSA Archer GRC Platform, which could be exploited by a low-privileged RSA Archer user to elevate their...
[SECURITY] Fedora 27 Update: rawtherapee-5.2-2.fc27
Rawtherapee is a RAW image processing software. It gives full control over many parameters to enhance the raw picture before finally exporting it to some common image format...
jira xml export does not escape label and component values
The searchrequest-sml endpoint HTML-encodes issue description text, but not issue labels or components. This means that other plugins / products relying on this endpoint for these values are vulnerable to XSS attacks, see linked issue. Please HTML-encode these string values: example...
Bitwarden: Export vault feature is vulnerable to CSV injection
Hello guys, I don't know if you care about this issue, but it seems that the export feature in your https://vault.bitwarden.com//tools is vulnerable to CSV injection. If a CSV contains a malicious command it may have a big impact. Even though there is a popup notification for users before opening the...
[SECURITY] Fedora 25 Update: gtatool-2.2.0-6.fc25
Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of arrays. For example, you can add components to array elements, merge separate arrays into combined...
Inventus - A Spider Designed To Find Subdomains Of A Specific Domain By Crawling
Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers. It's a Scrapy spider, meaning it's easily modified and extendable to your needs. Demo Requirements Linux -- I haven't tested this on Windows. Python 2.7 or Python 3.3+ Scrapy 1.4....
Threat Outbreak Alert RuleID30637: Email Messages Distributing Malicious Software on September 18, 2017
Medium Alert ID: 55318 First Published: 2017 September 18 14:18 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30637 may contain the following files: Name ...