Micro Focus openSUSE NextCloud Elevation of Privilege Vulnerability
Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the U.K. NextCloud is private-cloud software that runs on it. A security vulnerability exists in NextCloud on Micro Focus openSUSE, which stems from the program failing to use /srv/www/htdocs securely. During a...
CVE-2017-9286 nextcloud package security issues with /srv/www/htdocs
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...
Design/Logic Flaw
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices have XSS in the action parameter to htdocs/web/wpsacts.php...
CVE-2017-14416
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices have XSS in the action parameter to htdocs/web/wandetect.php...
Design/Logic Flaw
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices have XSS in the action parameter to htdocs/web/sitesurvey.php...
CVE-2017-14413
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices have XSS in the action parameter to htdocs/web/wpsacts.php...
CVE-2017-14423
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests...
CVE-2017-14415
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices have XSS in the action parameter to htdocs/web/sitesurvey.php...
SQL Injection
Dolibarr is vulnerable to SQL injection attacks. The library doesn't handle the statut parameter correctly in htdocs/don/list.php, allowing a malicious user to inject and execute arbitrary SQL commands...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12)...
CVE-2017-14239
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12)...
CVE-2017-14241
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...
CVE-2017-12139
CVE-2017-12139 affects XOOPS Core 2.5.8 with a stored XSS in imagemanager.php due to missing MIME type validation in htdocs/class/uploader.php. The issue is caused by inadequate validation of uploaded content, enabling an attacker to inject malicious script when the affected page is viewed. Conne...
CVE-2017-11107
phpLDAPadmin through 1.2.3 has XSS in htdocs/entrychooser.php via the form, element, rdn, or container parameter...
DzSoft PHP Editor 4.2.7 - File Enumeration
DzSoft PHP Editor 4.2.7 - File Enumeration. Credits: John Page AKA hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt. ISR: ApparitionSec. Vendor: www.dzsoft.com. Product:...
Pivotal Cloud Foundry Elastic Runtime Information Disclosure Vulnerability
Pivotal Cloud Foundry (PCF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment. Elastic Runtime is a runtime environment for Pivotal Cloud Foundry. Cloud Foundry PHP...
seacms /htdocs/seacms/member.php id parameter SQL injection
No description provided by source...