242 matches found
UBUNTU-CVE-2019-9834
DISPUTED The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the...
PT-2019-19884 · Netdata +2 · Netdata +2
Name of the Vulnerable Software and Affected Versions: Netdata web application versions prior to 1.13.0 Description: The issue allows remote attackers to inject malicious HTML code into an imported snapshot. Successful exploitation can lead to the execution of attacker-supplied HTML in the contex...
FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)
Gitlab reports : Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persiste...
Moodle Remote Code Execution Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in Moodle. The vulnerability can be exploited by an...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...
CVE-2018-7747
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...
CVE-2018-7747
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...
CVE-2018-7747
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...
FG Joomla to WordPress <= 3.30.0 - XSS in the AJAX Imported
The FG Joomla to WordPress WordPress plugin was affected by a XSS in the AJAX Imported security vulnerability...
Hipchat Server Arbitrary Code Execution Vulnerability
Hipchat Server is a set of team chat tools that supports group and 1-to-1 voice and video chat with screen sharing. A security vulnerability exists in Hipchat Server versions prior to 2.2.3. A remote attack could exploit the vulnerability to execute arbitrary code via an imported file...
SAP Adaptive Server Enterprise SQL Injection Vulnerability
SAP Adaptive Server Enterprise ASE is a high-performance relational database management system of Germany SAP SAP. A SQL injection vulnerability exists in SAP ASE 16.0 SP02 PL03 and earlier versions. An attacker can exploit this vulnerability to gain system administrator privileges via dbcc...
Digitally Imported Radio - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Digitally Imported Radio published at the 'play' market has multiple vulnerabilities...
openSUSE Security Update : tiff (openSUSE-2016-101)
This update to tiff 4.0.6 fixes the following issues : - CVE-2015-7554: Out-of-bounds write in the thumbnail and tiffcmp tools allowed attacker to cause a denial of service or have unspecified further impact bsc960341 - bsc942690: potential out-of-bound write in NeXTDecode 2508 This update was...
CVE-2015-1341
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function pythonmodulepath...
PEframe - Tool to perform static analysis on Portable Executable malware
PEframe is a open source tool to perform static analysis on Portable Executable malware. Usage $ peframe malware.exe $ peframe --option malware.exe Options --json Output in json --import Imported function and dll --export Exported function and dll --dir-import Import directory --dir-export Export...
AlienVault OSSIM NBE import hostname/IP cross-site scripting vulnerability
AlienVault OSSIM or Open Source Security Information Management is a popular open source security management system. AlienVault OSSIM handles NBE imported hostname/ip with a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious scripts or...
CVE-2008-3860
Multiple cross-site scripting XSS vulnerabilities 1 in the WYSIWYG editors, 2 during local group creation, 3 during HTML redirects, 4 in the HTML import, 5 in the Rich text editor, and 6 in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inje...
CVE-2007-3032
Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported...
Design/Logic Flaw
Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported...
CVE-2007-3032
Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported...