293 matches found

Packet Storm
added 2019/08/22 12:0 a.m. | 169 views

Snapforce CRM 8.3.0 Cross Site Scripting

Hello Team, Greetings. There is a list of XSS vulnerabilities and concurrent login vulnerabilities in the Snapforce version 8.3.0 application. Vulnerability List: 1. Stored Cross Site Scripting 2. Stored Cross Site Scripting through UI Redirection. 3. Concurrent Logins are Allowed Affected URL:...

7.4 AI score
Exploits: 0
BDU FSTEC
added 2019/07/18 12:0 a.m. | 7 views

The vulnerability of the handler in the Sn5Crypto.sys driver of the Secret Net Studio information protection system, which allows a hacker to cause a service failure.

The vulnerability of the handler in the Sn5Crypto.sys driver of the Secret Net Studio information protection system is related to errors during the verification of input parameters. Exploiting this vulnerability can allow attackers to cause service failures...

5.9 CVSS | 5.5 AI score
Exploits: 0 | Affected Software: 1
Prion
added 2019/06/06 7:29 p.m. | 11 views

Input validation

Dell EMC OpenManage Server Administrator OMSA versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete th...

6.4 CVSS | 9.1 AI score | 0.01848 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2019/06/06 7:29 p.m. | 19 views

CVE-2019-3723

Dell EMC OpenManage Server Administrator OMSA versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete th...

9.1 CVSS | 9.3 AI score | 0.01848 EPSS
Exploits: 0 | References: 2
CVE
added 2019/06/06 7:14 p.m. | 163 views

CVE-2019-3723

CVE-2019-3723 affects Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4. The flaw is a web parameter tampering vulnerability arising from improper input parameter validation, allowing a remote unauthenticated attacker to manipulate web request paramete...

9.1 CVSS | 9.3 AI score | 0.01848 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2019/05/14 12:0 a.m. | 25 views

Cisco IOS XE Router Command Injection (cisco-sa-20190513-webui)

Binary data 700665.prm...

9 CVSS | 7.3 AI score | 0.05516 EPSS
Exploits: 0 | References: 2
ThreatPost
added 2019/05/13 10:17 p.m. | 164 views

Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices

Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...

9 CVSS | 0.4 AI score | 0.05516 EPSS
Exploits: 0 | References: 6
Cvelist
added 2019/05/07 7:36 p.m. | 18 views

CVE-2018-6243

NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges. Android ID: A-72315075. Severity Rating: High. Version: N/A...

7.5 AI score | 0.0019 EPSS
Exploits: 0 | References: 2
Cvelist
added 2019/01/31 8:0 p.m. | 23 views

CVE-2018-6241

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A...

7.8 AI score | 0.00219 EPSS
Exploits: 0 | References: 3
CVE
added 2018/10/26 1:0 p.m. | 44 views

CVE-2018-11854

CVE-2018-11854 affects Qualcomm Snapdragon Mobile WLAN; the root cause is a lack of validation on the input length, which may lead to a buffer overwrite. Affected devices include SD 835, SD 845, SD 850, and SDA660 variants. The vulnerability is categorized with high impact, including confidential...

7.8 CVSS | 7.8 AI score | 0.0024 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/10/26 1:0 p.m. | 23 views

CVE-2018-11854

Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660...

7.9 AI score | 0.0024 EPSS
Exploits: 0 | References: 2
CNVD
added 2018/09/23 12:0 a.m. | 2 views

SQL Injection Vulnerability in Rice CMS V6.0.1

DAMI CMS is an integrated all-in-one system for building PC and mobile sites. A SQL injection vulnerability exists in DAMI CMS V6.0.1, which stems from a failure to filter input parameters and can be exploited by an attacker to perform a time-delayed injection...

8.2 AI score
Exploits: 0
OSV
added 2018/07/03 2:29 p.m. | 1 views

CVE-2018-7787

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request...

5.3 CVSS | 5.8 AI score | 0.01102 EPSS
Exploits: 0 | References: 2
Prion
added 2018/07/03 2:29 p.m. | 15 views

SQL injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...

6.8 CVSS | 9.4 AI score | 0.02941 EPSS
Exploits: 3 | References: 2 | Affected Software: 1
Prion
added 2018/07/03 2:29 p.m. | 14 views

SQL injection

The vulnerability exists within processing of trackgetdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...

6.8 CVSS | 9.2 AI score | 0.00974 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Hacker One
added 2018/06/09 6:51 a.m. | 51 views

Liberapay: Buffer overflow

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an arra...

1 AI score
Exploits: 0
CNVD
added 2017/09/25 12:0 a.m. | 1 views

Telaxus EPESI cross-site scripting vulnerability (CNVD-2017-32707)

Telaxus EPESI is an open source customer relationship management (CRM) system from the Polish company Telaxus, based on a PHP/Ajax framework. The system provides schedule management, multi-user address book, proxy matters and other functions. A cross-site scripting vulnerability exists in the 'Tasks Alerts...

5.4 CVSS | 5.3 AI score | 0.00644 EPSS
Exploits: 2 | References: 1
BDU FSTEC
added 2017/09/22 12:0 a.m. | 6 views

The vulnerability in the embedded microprogramming software of the IP-stack service for Huawei Campus series network switches models S2300, S2700, S3300, S3700, S5300EI, S5700EI, S5300SI, S5700SI, S5300HI, S5700HI, S6300EI, S6700EI, S5710HI, S5300LI, S5700LI, S2350EI, S2750EI, S5720HI, S7700, S9300, S9700 allows an intruder to cause service failure.

The vulnerability of the embedded microprogramming software of the IP-stack service for Huawei Campus series network switches, such as S2300, S2700, S3300, S3700, S5300EI, S5700EI, S5300SI, S5700SI, S5300HI, S5700HI, S6300EI, S6700EI, S5710HI, S5300LI, S5700LI, S2350EI, S2750EI, S5720HI, S7700,...

7.8 CVSS | 7.2 AI score | 0.00943 EPSS
Exploits: 0 | References: 2
OSV
added 2017/08/07 3:29 p.m. | 1 views

CVE-2017-12478

It was discovered that the api/storage web interface in Unitrends Backup UB before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system...

9.8 CVSS | 6.1 AI score | 0.78269 EPSS
Exploits: 12 | References: 3
CNVD
added 2017/07/10 12:0 a.m. | 2 views

EMC Data Protection 'input' Parameter Directory Traversal Vulnerability

EMC Data Protection Advisor is a data protection management solution from EMC Corporation. The solution supports automated and centralized execution of all such data collection and analysis, as well as obtaining a single comprehensive view of the data protection environment and activities. A...

6.8 CVSS | 6.9 AI score | 0.02585 EPSS
Exploits: 1 | References: 1