Arbitrary Code Execution Vulnerability in HTTP Request Parser of Multiple Schneider Electric Products
Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric France. HTTP request parser is one of the HTTP request parsers. A security vulnerability exists in the HTTP request parser in several Schneider Electric products. A remote attacker could...
emforster.de XSS vulnerability
Open Bug Bounty ID: OBB-611287

Description | Value
---|---
Affected Website: | emforster.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
VirtueMart Cross-Site Scripting Vulnerability
VirtueMart is an open source e-commerce solution compatible with Joomla! The solution supports 128-bit HTTPS encryption, language switching, currency switching and other features. A cross-site scripting vulnerability exists in versions prior to VirtueMart 3.2.14. A remote...
CVE-2016-8384
An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter...
chromium-browser: Incorrect handling of plaintext files via file://
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...
Apple macOS High Sierra Mail Man-in-the-Middle Attack Vulnerability
Apple macOS High Sierra is a specialized operating system developed by Apple Inc. for Mac computers. Mail is one of the email components. A security vulnerability exists in the handling of S/MIME HTML email messages in the Mail component in Apple macOS High Sierra versions prior to 10.13.4. An...
CVE-2018-2879
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware subcomponent: Authentication Engine. Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2018-2849
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite subcomponent: Web Access. Supported versions that are affected are 16.2 and 17.1 - 17.12. Easily exploitable vulnerability allows low privileged attacker with network...
LogMeIn LastPass Denial of Service Vulnerability
LogMeIn LastPass is a free, cross-platform online password management tool from LogMeIn USA. The tool can be integrated with browsers and provides them with password management, autofill forms and other features, supporting random password generation, import and export passwords, multiple...
CVE-2018-0956
A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-9031
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...
IBM Rational Collaborative Lifecycle Management Jazz Foundation Information Disclosure Vulnerability
IBM Rational Collaborative Lifecycle Management (CLM) is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines RTC, RQM, and RRC products in an IBM SmartCloud Enterprise cloud environment image to provide requirements management, change and...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-07269)
Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions prior to 2.4.30. An attacker can exploit this vulnerability b...
Embedthis Software Appweb Embedthis HTTP Library Authentication Bypass Vulnerability
Embedthis Software AppWeb is a fast and small web server from Embedthis Software, USA, which is mainly used for embedded applications, devices and web services with support for security defense policies, digest authentication, virtual hosting, etc. HTTP library is one of the HTTP libraries. The...
The vulnerability of the Apsis Pound proxy server, related to HTTP request processing flaws, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the Apsis Pound proxy server is related to HTTP request processing flaws. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely, using specially crafted headers for such attacks...
The vulnerability of the TCP packet processing driver in Snort and Suricata IDS systems allows attackers to bypass network attack detection functions.
The vulnerability of the TCP packet processing driver in Snort and Suricata IDS systems is related to the implementation of an internal mechanism for handling TCP connections. Exploiting this vulnerability allows a malicious actor to bypass the network attack detection functions, which are...
The vulnerability in the NetTransport.exe executable of the NetTransport download manager allows a hacker to execute arbitrary code.
The vulnerability in the NetTransport.exe executable of the NetTransport download manager is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on NAS devices using specially crafted HTTP responses...
OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)
The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...
CVE-2018-7303
The Calendar component in Tiki 17.1 allows HTML injection...
DEBIAN-CVE-2018-6794
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...