6654 matches found
[SECURITY] Fedora 27 Update: glibc-2.26-30.fc27
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
Cisco Enterprise NFV Infrastructure Software Input Validation Vulnerability
Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform provides full lifecycle management of virtualized services through a central coordinator and controller. An input validation vulnerability exists ...
awww.fanpop.com XSS vulnerability
Open Bug Bounty ID: OBB-673682

Description | Value
---|---
Affected Website: | awww.fanpop.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

schmid-bus.de XSS vulnerability
Open Bug Bounty ID: OBB-673479

Description | Value
---|---
Affected Website: | schmid-bus.de
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

filmundo.de XSS vulnerability
Open Bug Bounty ID: OBB-673246

Description | Value
---|---
Affected Website: | filmundo.de
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

CVE-2018-13823
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information...
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks...
CVE-2018-13826
The CA PPM XOG module suffers from an XML External Entity (XXE) vulnerability that enables server-side request forgery. Affected are CA PPM versions 14.3 and below; 14.4; 15.1; 15.2 CP5 and below; 15.3 CP2 and below. The issue arises in the XOG functionality and is documented across CVE-2018-13826 entries...
GHSA-2HXV-MX8X-MCJ9 Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Spina::ApplicationController actions didn't have CSRF protection. This causes a CSRF vulnerability across the entire engine, which includes administrative functionality such as creating...
vzr.nl XSS vulnerability
Open Bug Bounty ID: OBB-669565

Description | Value
---|---
Affected Website: | vzr.nl
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Design/Logic Flaw
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items)...
PT-2018-6277 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: A denial of service issue exists due to leftover demo functionality, allowing an attacker to reboot the device without authentication by sending a UDP packet. Recommendations: For version 1012, consider...
montecarmoshopping.com.br XSS vulnerability
Open Bug Bounty ID: OBB-667929

Description | Value
---|---
Affected Website: | montecarmoshopping.com.br
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

alzforum.org XSS vulnerability
Open Bug Bounty ID: OBB-667546

Description | Value
---|---
Affected Website: | alzforum.org
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

allstareventtickets.com XSS vulnerability
Open Bug Bounty ID: OBB-666781

Description | Value
---|---
Affected Website: | allstareventtickets.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

[SECURITY] Fedora 28 Update: gdm-3.28.3-1.fc28
GDM, the GNOME Display Manager, handles authentication-related backend functionality for logging in a user and unlocking the user's session after it's been locked. GDM also provides functionality for initiating user-switching, so more than one user can be logged in at the same time. It handles...
CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the ‘albumid’ or ‘scope’ parameter via a photo-gallery/api/album/treelists/ URI.