5058 matches found

OSV
added 2018/12/04 5:29 p.m., 2 views

CVE-2018-12314

Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters...

7.5 CVSS | 5.9 AI score | 0.02309 EPSS
Exploits: 1 | References: 1

CNVD
added 2018/11/28 12:0 a.m., 3 views

TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2018-26657)

TerraMaster TOS is a Linux-based operating system for storage servers developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...

5.4 CVSS | 5.9 AI score | 0.00852 EPSS
Exploits: 1 | References: 1

OSV
added 2018/11/27 9:29 p.m., 4 views

CVE-2018-13335

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions...

5.4 CVSS | 5.8 AI score | 0.00852 EPSS
Exploits: 1 | References: 1

ThreatPost
added 2018/11/16 7:39 p.m., 10 views

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

A strange glitch in Gmail can be exploited to place emails into a person’s “Sent” folder — even if that person never sent them. Researchers who discovered the bug worry that it gives phishers and scammers another avenue to trick unsuspecting users into clicking on malicious links or opening rogue...

0.2 AI score
Exploits: 0 | References: 2

OSV
added 2018/11/14 1:29 a.m., 3 views

CVE-2018-8578

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint...

4.3 CVSS | 5.8 AI score | 0.04836 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2018/11/14 1:29 a.m., 4 views

CVE-2018-8578

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint...

4.3 CVSS | 5.5 AI score | 0.04836 EPSS
Exploits: 0 | References: 4

Prion
added 2018/11/14 1:29 a.m., 21 views

Information disclosure

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint...

4 CVSS | 4.5 AI score | 0.04836 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Microsoft CVE
added 2018/11/13 8:0 a.m., 31 views

Microsoft SharePoint Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of...

4.3 CVSS | 1.2 AI score | 0.04836 EPSS
Exploits: 0

Tenable Nessus
added 2018/11/05 12:0 a.m., 21 views

Joomla! 1.5.x < 3.7.0 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists in the JMail API due to PHPMail version information being included in mail headers. An unauthenticated, remote attacker can exploit this to disclose sensitive...

6.5 CVSS | 6.5 AI score | 0.01333 EPSS
Exploits: 2 | References: 12

Fedora
added 2018/11/04 10:9 p.m., 12 views

[SECURITY] Fedora 28 Update: roundcubemail-1.3.8-1.fc28

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

0.2 AI score
Exploits: 0

Fedora
added 2018/11/04 2:14 a.m., 21 views

[SECURITY] Fedora 27 Update: roundcubemail-1.3.8-1.fc27

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

0.2 AI score
Exploits: 0

IBM Security Bulletins
added 2018/10/23 5:25 p.m., 64 views

Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities

Summary Rational DOORS Web Access has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-8034 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a missing host name verification when using TLS with the WebSocket client. ...

7.5 CVSS | 1.2 AI score | 0.94494 EPSS
Exploits: 3 | Affected Software: 1

Prion
added 2018/10/22 9:29 p.m., 15 views

Cross site scripting

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...

4.3 CVSS | 6 AI score | 0.0073 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2018/10/22 9:29 p.m., 17 views

CVE-2018-18579

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...

6.1 CVSS | 6 AI score | 0.0073 EPSS
Exploits: 1 | References: 2

CVE
added 2018/10/22 9:0 p.m., 48 views

CVE-2018-18579

DedeCMS 5.7 SP2 is affected by a reflected XSS vulnerability in the /member/pm.php endpoint, exploitable via the folder parameter. The vulnerable component is DedeCMS’s web interface; input in the folder parameter can be reflected back to the user, enabling arbitrary script/HTML execution in a us...

6.1 CVSS | 5.9 AI score | 0.0073 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2018/10/15 4:0 p.m., 43 views

CVE-2018-15590

Ivanti Workspace Control before 10.3.0.0 and RES One Workspace are affected by CVE-2018-15590, where a locally authenticated user can bypass file and folder security restrictions via an unspecified attack vector. Public sources describe a local security bypass with partial confidentiality impact;...

5.5 CVSS | 5.5 AI score | 0.00993 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2018/10/15 4:0 p.m., 31 views

CVE-2018-15590

An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector...

5.5 AI score | 0.00993 EPSS
Exploits: 0 | References: 5

Prion
added 2018/10/11 9:1 p.m., 13 views

Directory traversal

An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI...

6.4 CVSS | 7.6 AI score | 0.01551 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2018/10/10 12:0 a.m., 2 views

Quick Heal Technologies Seqrite EndPoint Security Elevation of Privilege Vulnerability

Quick Heal Technologies Seqrite EndPoint Security EPS is a suite of endpoint security protection solutions from Quick Heal Technologies India. The product features device control, vulnerability scanning, patch management and asset management. An elevation of privilege vulnerability exists in Quic...

7.8 CVSS | 7.6 AI score | 0.01027 EPSS
Exploits: 3 | References: 1

exploitpack
added 2018/10/09 12:0 a.m., 18 views

Seqrite End Point Security 7.4 - Privilege Escalation

Seqrite End Point Security 7.4 - Privilege Escalation Exploit Title: Seqrite End Point Security 7.4 - Privilege Escalation Date: 2018-09-13 Exploit Author: Hashim Jawad - @ihack4falafel Vendor Homepage: https://www.seqrite.com/ Tested on: Windows 7 Enterprise SP1 x64 CVE: CVE-2018-17775...

7.2 CVSS | 0.7 AI score | 0.01027 EPSS
Exploits: 3