6654 matches found

Prion
added 2017/08/09 6:29 p.m. | 18 views

Stack overflow

Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 10 | AI score 8.7 | EPSS 0.29681
Exploits: 0 | References: 4

NVD
added 2017/08/08 3:29 p.m. | 11 views

CVE-2017-10182

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Export Functionality). Supported versions that are affected are 5.4.0.x, 5.4.1.x and 5.4.3.x. Difficult to exploit vulnerability allows high privileged attacker with...

CVSS 4.4 | AI score 3.4 | EPSS 0.00587
Exploits: 0 | References: 3

Openbugbounty
added 2017/08/04 10:17 p.m. | 10 views

fitness.manualsonline.com XSS vulnerability

Vulnerable URL: http://fitness.manualsonline.com/search.html?q="...

AI score 6.9
Exploits: 0

Openbugbounty
added 2017/08/04 9:49 p.m. | 14 views

pdfstuff4u.com XSS vulnerability

Vulnerable URL: http://pdfstuff4u.com/search.php?q=...

AI score 6.9
Exploits: 0

OSV
added 2017/08/02 7:29 p.m. | 2 views

CVE-2017-11356

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control...

CVSS 6.5 | AI score 5.8 | EPSS 0.03027
Exploits: 4 | References: 3

Hacker One
added 2017/07/31 7:47 a.m. | 14 views

Legal Robot: Unable to change profile picture

Unable to change profile picture. Functionality issue...

AI score 1.9
Exploits: 0

Zero Day Initiative
added 2017/07/31 12:0 a.m. | 61 views

Trend Micro InterScan Messaging Security Proxy Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Messaging Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

CVSS 6.5 | AI score 4.7 | EPSS 0.81392
Exploits: 0 | References: 1

UbuntuCve
added 2017/07/27 12:0 a.m. | 21 views

CVE-2017-2834

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...

CVSS 8.8 | AI score 7.5 | EPSS 0.01071
Exploits: 1 | References: 4

Openbugbounty
added 2017/07/25 12:50 a.m. | 18 views

x11.com.br XSS vulnerability

Open Bug Bounty ID: OBB-267655

Description | Value
---|---
Affected Website: | x11.com.br
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.3
Exploits: 0

Fedora
added 2017/07/25 12:29 a.m. | 32 views

[SECURITY] Fedora 25 Update: phpldapadmin-1.2.3-10.fc25

PhpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server. Its hierarchical tree-viewer and advanced search functionality make it intuitive to browse and administer your LDAP directory. Since it is a web application, this...

CVSS 6.1 | AI score 1.3 | EPSS 0.00044
Exploits: 1

Openbugbounty
added 2017/07/22 10:24 a.m. | 12 views

aerokurier.de XSS vulnerability

Vulnerable URL: http://www.aerokurier.de/suche/index.php?enableCompounds=false=%2Fwww%2FxmlResult.jsp=26=0=date=10=0=a%3E%27%3E%22%3Et%3Ci%3Ep%3Cimg%20src=y%20onerror=alertopenbugbounty%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 04.09.2017
Vulnerability type: | XS...

AI score 6.3
Exploits: 0

Openbugbounty
added 2017/07/20 6:37 p.m. | 18 views

nuwber.de XSS vulnerability

Vulnerable URL: https://nuwber.de/search?q=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 31.08.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 555946
V...

AI score 6.3
Exploits: 0

Openbugbounty
added 2017/07/17 5:5 a.m. | 18 views

topxlive.com XSS vulnerability

Vulnerable URL: http://topxlive.com/search/?q=...

AI score 6.9
Exploits: 0

Prion
added 2017/07/12 3:29 p.m. | 15 views

Authentication flaw

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...

CVSS 7.5 | AI score 9.4 | EPSS 0.00395
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2017/07/12 3:0 p.m. | 11 views

CVE-2017-4052

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...

AI score 9.5 | EPSS 0.00395
Exploits: 0 | References: 2

rapid7community
added 2017/07/12 1:39 p.m. | 254 views

Patch Tuesday - July 2017

Most of the critical vulnerabilities patched this month concern client-side systems, with 14 separate Remote Code Execution (RCE) issues being addressed for the Microsoft Edge browser and five for Internet Explorer. One of the three Adobe Flash Player vulnerabilities being patched is also a critica...

CVSS 10 | AI score 8 | EPSS 0.31287
Exploits: 0

Prion
added 2017/07/12 12:29 a.m. | 15 views

Cross site scripting

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen...

CVSS 4.3 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 1

Cvelist
added 2017/07/12 12:0 a.m. | 15 views

CVE-2017-11180

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen...

AI score 6 | EPSS 0.0024
Exploits: 0 | References: 1

CVE
added 2017/07/12 12:0 a.m. | 44 views

CVE-2017-11180

CVE-2017-11180 affects FineCMS up to 2017-07-11; the issue is a stored XSS in the logging functionality. The payloads demonstrated involve (1) the User-Agent header of HTTP requests and (2) the username entered on the login screen. The root cause is that log processing allows XSS content to be st...

CVSS 6.1 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 1 | Affected Software: 1

Openbugbounty
added 2017/07/11 4:44 p.m. | 7 views

meubis.be XSS vulnerability

Vulnerable URL: https://www.meubis.be/nl/zoeken/?q=%22%3E%3Cimg%20src=%22%22%20onerror=prompt%27OPENBUGBOUNTY%27%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 03.10.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 665365
VIP websit...

AI score 6.3
Exploits: 0