Tiki Wiki CMS Groupware cross-site scripting vulnerability (CNVD-2016-13244)
Tiki Wiki CMS is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A cross-site scripting vulnerability exists in forms with the...
phpmailer -- Remote Code Execution
Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...
CVE-2016-6934
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks...
CVE-2016-6933
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks...
Cross site scripting
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks...
CVE-2016-6934
CVE-2016-6934 affects Adobe Experience Manager Forms (versions 6.2 and earlier) and LiveCycle (11.0.1 and 10.0.4) with an input validation issue in the PMAdmin module that can enable cross-site scripting. Public sources link this to two input-validation vulnerabilities in AEM Forms; NVD lists CVS...
CVE-2016-6933
CVE-2016-6933 affects Adobe Experience Manager Forms (Versions 6.2 and earlier) and LiveCycle (11.0.1, 10.0.4) with an input validation issue in the AACComponent that could be exploited for cross-site scripting. Connected advisories (e.g., APSB16-40) indicate Adobe released security updates addre...
APSB16-40 Security updates available for Adobe Experience Manager Forms (LiveCycle)
Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks (CVE-2016-6933 and CVE-2016-6934). Adobe recommends users apply the available...
Ruby on Rails: CSRF header is sent to external websites when using data-remote forms
Looks like there is a regression in the fix for CVE-2015-1840 H1 report. The origin isn't being checked before adding a CSRF header to data-remote forms. I noticed this when checking out the new rails-ujs repo. Example Rails template: submit Example http://attacker.com app require "sinatra" optio...
Drupal Multiple Vulnerabilities (Dec 2016) - Windows
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; if(description)...
CVE-2016-2884
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2016-2884
IBM Forms Experience Builder is vulnerable to cross-site request forgery when configured with non-default settings. The issue arises from improper validation of user-supplied input, enabling a remote attacker to craft requests authenticated as the user and potentially insert XSS sequences. Affect...
FreeBSD : Drupal Code -- Multiple Vulnerabilities (8db24888-b2f5-11e6-8153-00248c0c745d)
The Drupal development team reports: Inconsistent name for term access query Less critical - Drupal 7 and Drupal 8 Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities b...
CVE-2016-9451
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors...
Open redirect
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors...