4417 matches found

CNVD
added 2018/10/24 12:0 a.m. | 2 views

s-cms SQL Injection Vulnerability

s-cms is a content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in s-cms 3.0. A remote attacker can exploit the vulnerability by providing the '0id' parameter to the member/post.php file or POST data to the member/memberlogin.php file to log into the system...

CVSS 9.8 | AI score 9.9 | EPSS 0.00398
Exploits 1 | References 1

CNVD
added 2018/10/22 12:0 a.m. | 1 view

User Management Cross-Site Scripting Vulnerability

User Management is a user manager. A cross-site scripting vulnerability exists in the upload section of User Management version 1.1. A remote attacker can use this vulnerability to inject arbitrary web script or HTML...

CVSS 5.4 | AI score 5.3 | EPSS 0.00188
Exploits 5 | References 1

CNVD
added 2018/10/19 12:0 a.m. | 1 view

Google Chrome Extensions UI Spoofing Vulnerability

Google Chrome is a web browser developed by Google, Inc. Extensions is one of the browser extensions. A security vulnerability exists in Extensions in Google Chrome versions prior to 70.0.3538.67. The vulnerability can be exploited by remote attackers to spoof the contents of an extension pop-up...

CVSS 4.3 | AI score 6 | EPSS 0.00774
Exploits 0 | References 1

CNVD
added 2018/10/17 12:0 a.m. | 1 view

Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-22408)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the conversion of HTML files to PDF in Foxit Reader 9.2.0.9297 and earlier versions a...

CVSS 8.8 | AI score 8.7 | EPSS 0.00424
Exploits 0 | References 1

CNVD
added 2018/10/17 12:0 a.m. | 2 views

Foxit Reader and Foxit PhantomPDF for Windows Out-of-Bounds Read Vulnerability (CNVD-2018-23228)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF for Windows is its commercial version. An out-of-bounds read vulnerability exists in the conversion of HTML files to PDF in Foxit Reader 9.2.0.9297 and earlier versions a...

CVSS 8.8 | AI score 8.6 | EPSS 0.00594
Exploits 0 | References 1

Ubuntu
added 2018/10/16 1:19 p.m. | 456 views

USN-3794-1: MoinMoin vulnerability

It was discovered that MoinMoin incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information...

CVSS 6.1 | AI score 6.1 | EPSS 0.00652
Exploits 0

CNVD
added 2018/10/16 12:0 a.m. | 2 views

Foreman cross-site scripting vulnerability (CNVD-2018-21250)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A cross-site scripting vulnerability exists in Foreman 1.18 and later versions, which stems from the...

CVSS 5.4 | AI score 5.4 | EPSS 0.00291
Exploits 0 | References 1

RedHat Linux
added 2018/10/11 9:34 p.m. | 1 view

spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service

A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing...

CVSS 5.3 | AI score 5.8 | EPSS 0.01771
Exploits 0 | References 5

CNVD
added 2018/10/09 12:0 a.m. | 1 view

Cisco RV180W Wireless-N Multifunction VPN Router WEB Framework Directory Traversal Vulnerability

The Cisco RV180W Wireless-N Multifunction VPN Router is a multifunction VPN router device. A directory traversal vulnerability exists in the Cisco RV180W Wireless-N Multifunction VPN Router WEB framework, which stems from the program failing to properly filter user-submitted input in HTTP request...

CVSS 7.5 | AI score 7.6 | EPSS 0.03815
Exploits 0 | References 1

CNVD
added 2018/09/30 12:0 a.m. | 1 view

Cisco Catalyst 3650 and 3850 Series Switches IOS XE Software Denial of Service Vulnerability

The Cisco Catalyst 3650 and 3850 Series Switches are switch products from Cisco, Inc. IOS XE Software is a set of operating systems developed by Cisco for its network devices that run on them. A denial of service vulnerability exists in the IOS XE Software in the Cisco Catalyst 3650 and 3850 Serie...

CVSS 7.1 | AI score 6.7 | EPSS 0.0076
Exploits 0 | References 1

Broadcom
added 2018/09/26 12:0 a.m. | 4 views

BSA-2018-710

Security Advisory ID: BSA-2018-710. Component: Apache HTTPD. Revision: 1.0: Final. In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only...

CVSS 5.9 | AI score 9.1 | EPSS 0.22356
Exploits 0

OSV
added 2018/09/25 9:29 p.m. | 1 view

ALPINE-CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 5.9 | AI score 6.9 | EPSS 0.22356
Exploits 0 | References 1

OSV
added 2018/09/25 9:29 p.m. | 1 view

DEBIAN-CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 5.9 | AI score 6.1 | EPSS 0.22356
Exploits 0 | References 1

CNVD
added 2018/09/21 12:0 a.m. | 6 views

WordPress Arigato Autoresponder and Newsletter Cross-Site Scripting Vulnerability (CNVD-2019-29709)

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Arigato Autoresponder and Newsletter is an autoresponder plugin used in... A cross-site scripting vulnerability exists in the...

CVSS 4.8 | AI score 6 | EPSS 0.00174
Exploits 5 | References 1

CNVD
added 2018/09/14 12:0 a.m. | 2 views

razorCMS HTML Injection Vulnerability

razorCMS is an open source content management system written in PHP, which stores all data in flat files, so there is no need to install a database. An HTML injection vulnerability exists in razorCMS version 3.4.7, which can be exploited by attackers to execute malicious code...

CVSS 5.4 | AI score 5.9 | EPSS 0.00191
Exploits 1 | References 1

ATTACKERKB
added 2018/09/13 12:29 a.m. | 3 views

CVE-2018-8479

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK...

CVSS 6.8 | AI score 5.5 | EPSS 0.03134
Exploits 0 | References 3

OSV
added 2018/09/12 4:29 p.m. | 3 views

CVE-2018-15502

Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...

CVSS 7.5 | AI score 5.8 | EPSS 0.00245
Exploits 1 | References 1

RedHat Linux
added 2018/09/10 9:31 p.m. | 0 views

chromium-browser: User confirmation bypass in external protocol handling

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...

CVSS 6.1 | AI score 7.4 | EPSS 0.00321
Exploits 0 | References 5

RedHat Linux
added 2018/09/10 9:31 p.m. | 2 views

chromium-browser: Integer overflow in Skia

Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 7.4 | EPSS 0.00327
Exploits 0 | References 5

BDU FSTEC
added 2018/09/07 12:0 a.m. | 5 views

The vulnerability of the built-in web server of Schneider Electric’s Modicon Premium, Modicon Quantum PLC, Modicon M340, and Modicon BMXNOR0200 allows a perpetrator to execute arbitrary code.

The vulnerability of Schneider Electric Modicon BMXNOR0200 embedded web servers is related to an error in HTTP request analysis. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the web server using specially crafted HTTP requests...

CVSS 10 | AI score 6.1 | EPSS 0.00548
Exploits 0 | References 3