Lucene search
6654 matches found

Cvelist
added 2017/12/30 5:0 p.m., 14 views

CVE-2017-17089

custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality...

AI score: 4.8, EPSS: 0.00166
Exploits: 0, References: 2

Prion
added 2017/12/27 7:29 p.m., 13 views

Directory traversal

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."...

CVSS: 7.5, AI score: 8.1, EPSS: 0.01418
Exploits: 2, References: 3, Affected Software: 1

NVD
added 2017/12/27 7:29 p.m., 14 views

CVE-2015-7669

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."...

CVSS: 9.8, AI score: 9.8, EPSS: 0.01418
Exploits: 2, References: 3

Cvelist
added 2017/12/27 7:0 p.m., 17 views

CVE-2015-7669

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."...

AI score: 9.9, EPSS: 0.01418
Exploits: 2, References: 3

Openbugbounty
added 2017/12/22 9:25 a.m., 17 views

edaeda.ru XSS vulnerability

Open Bug Bounty ID: OBB-457193

Description | Value
---|---
Affected Website: | edaeda.ru
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

AI score: 6.4
Exploits: 0

Packet Storm
added 2017/12/22 12:0 a.m., 73 views

phpMars 1.0.9 Cross Site Scripting

Exploit Title: phpMars - Photos Social Network instagram clone - Cross Site Scripting; Google Dork: N/A; Date: 2017/20/12; Exploit Author: ShanoWeb; Author Mail: MrdotNet2NetatGmaildotcom; Vendor Homepage: http://grohsfabian.com/; Software Buy:...

AI score: 7.4
Exploits: 0

CVE
added 2017/12/20 8:0 p.m., 49 views

CVE-2017-17747

CVE-2017-17747 affects the TP-Link TL-SG108E, firmware 1.0.0, where the Logout.htm function has weak access control and can be called from any IP address. This allows an attacker to terminate an authenticated session on a target device, potentially triggering a denial-of-service condition and mak...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00164
Exploits: 4, References: 1, Affected Software: 1

Prion
added 2017/12/20 6:29 p.m., 15 views

Cross site scripting

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692...

CVSS: 3.5, AI score: 5.1, EPSS: 0.00286
Exploits: 0, References: 4, Affected Software: 1

Fedora
added 2017/12/19 7:55 p.m., 29 views

[SECURITY] Fedora 27 Update: glibc-2.26-20.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVSS: 9.8, AI score: 2, EPSS: 0.00358
Exploits: 1

Openbugbounty
added 2017/12/17 10:29 a.m., 11 views

brandsworld.com.sg XSS vulnerability

Open Bug Bounty ID: OBB-454505

Description | Value
---|---
Affected Website: | brandsworld.com.sg
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Chea...

AI score: 6.4
Exploits: 0

Openbugbounty
added 2017/12/13 7:46 p.m., 10 views

ctshirts.com XSS vulnerability

Open Bug Bounty ID: OBB-453142

Description | Value
---|---
Affected Website: | ctshirts.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Shee...

AI score: 6.3
Exploits: 0

Prion
added 2017/12/09 6:29 a.m., 13 views

Design/Logic Flaw

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the...

CVSS: 9.3, AI score: 9, EPSS: 0.08675
Exploits: 0, References: 3, Affected Software: 4

NVD
added 2017/12/09 6:29 a.m., 18 views

CVE-2017-11225

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access --...

CVSS: 10, AI score: 9.7, EPSS: 0.05822
Exploits: 0, References: 5

Cvelist
added 2017/12/09 6:0 a.m., 20 views

CVE-2017-11225

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access --...

AI score: 9.4, EPSS: 0.05822
Exploits: 0, References: 5

NVD
added 2017/12/06 12:29 a.m., 13 views

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

CVSS: 9.8, AI score: 9.4, EPSS: 0.00714
Exploits: 0, References: 1

Cvelist
added 2017/12/06 12:0 a.m., 13 views

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

AI score: 9.4, EPSS: 0.00714
Exploits: 0, References: 1

seebug.org
added 2017/12/06 12:0 a.m., 62 views

Polycom HDX Series RCE

When doing external assessments you spend a decent amount of time footprinting your target and finding possible avenues of attack. Given a large corporate, you are pretty likely to hit video conferencing end-points. This post details a vulnerability in one of these video conferencing systems, the...

AI score: 7.9
Exploits: 0

Citrix
added 2017/12/05 12:0 a.m., 4 views

How To check Per-App VPN Works on iOS?

The article describes how to validate the proper functionality of Per-App VPN on iOS...

AI score: 7.1
Exploits: 0

Openbugbounty
added 2017/11/28 10:34 p.m., 13 views

techz.vn XSS vulnerability

Open Bug Bounty ID: OBB-441028

Description | Value
---|---
Affected Website: | techz.vn
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score: 6.3
Exploits: 0

OSV
added 2017/11/28 10:20 p.m., 19 views

GHSA-RPH7-J9QR-H8Q8 Potential Command Injection in codem-transcode

When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command execution...

CVSS: 8.1, AI score: 8, EPSS: 0.01272
Exploits: 0, References: 5