4502 matches found

Packet Storm
added 2017/11/07 12:0 a.m., 31 views

WordPress Duplicator Migration 1.2.28 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Duplicator a WordPress Migration Plugin 1.2.28 Duplicator a WordPress Migration Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may...

AI score: 7.1
Exploits: 0
BDU FSTEC
added 2017/10/26 12:0 a.m., 4 views

The vulnerability of the Locator/ID Separation (LISP) protocol implementation in Cisco IOS allows a hacker to bypass the authentication process.

The vulnerability of the Locator/ID Separation LISP protocol implementation in Cisco IOS is related to defects in the authentication process logical error. Exploiting this vulnerability allows a malicious actor to bypass the authentication process by using special registration requests that trigg...

CVSS: 9.8, AI score: 7.8, EPSS: 0.03122
Exploits: 0, References: 4, Affected Software: 1
Packet Storm
added 2017/10/12 12:0 a.m., 31 views

WordPress Pootle Button 1.1.1 Cross Site Scripting

Class Input Validation Error Remote Yes Reflected Yes Credit Ricardo Sanchez Vulnerable Pootle button plugin 1.1.1 Pootle button plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

AI score: 7
Exploits: 0
0day.today
added 2017/09/21 12:0 a.m., 26 views

WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting Vulnerability

WordPress 2kb Amazon Affiliates Store plugin versions 2.1.0 and below suffer from a cross site scripting vulnerability. WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting Vulnerability Class Input Validation Error CVE Remote Yes Reflected Yes Credit rsanchezr Vulnerable 2kb amazon...

AI score: 6.7
Exploits: 0
Packet Storm
added 2017/09/20 12:0 a.m., 31 views

WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting

Class Input Validation Error CVE Remote Yes Reflected Yes Credit rsanchezr Vulnerable 2kb amazon affiliates store WP plugin 2kb amazon affiliates store WP plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...

AI score: 0.1
Exploits: 0
Packet Storm
added 2017/09/19 12:0 a.m., 32 views

SUSE/Portus 2.2 Cross Site Scripting

Class Input Validation Error Remote Yes Stored Yes Credit rsanchezr Vulnerable SUSE/Portus 2.2 - https://github.com/SUSE/Portus Portus 2.2 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

AI score: 7.4
Exploits: 0
0day.today
added 2017/09/19 12:0 a.m., 16 views

SUSE / Portus 2.2 Cross Site Scripting Vulnerability

SUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability. Class Input Validation Error Remote Yes Stored Yes Credit rsanchezr Vulnerable SUSE/Portus 2.2 - https://github.com/SUSE/Portus Portus 2.2 is prone to a cross-site scripting vulnerability because it fails to...

AI score: 6.7
Exploits: 0
OpenVAS
added 2017/09/01 12:0 a.m., 21 views

Cybozu Garoon 3.0.0 - 4.2.5 Multiple XSS Vulnerabilities

Cybozu Garoon is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00538
Exploits: 0, References: 2
OpenVAS
added 2017/07/11 12:0 a.m., 26 views

Foxit PhantomPDF Arbitrary Write RCE Vulnerability - Windows

Foxit PhantomPDF is prone to an arbitrary write vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 9.3, AI score: 7.5, EPSS: 0.04941
Exploits: 0, References: 2
Check Point Advisories
added 2017/06/19 12:0 a.m., 10 views

IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow (CVE-2017-1092)

A heap buffer overflow exists in IBM's Informix Dynamic Server and Informix Open Admin Tool. The vulnerability is due to an input validation error when processing requests sent to index.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request...

CVSS: 10, AI score: 2.9, EPSS: 0.75767
Exploits: 12
Packet Storm
added 2017/05/19 12:0 a.m., 27 views

Kodak InSite 8.0 Cross Site Scripting

Class Input Validation Error CVE Remote Yes Local No Credit rsanchezr Vulnerable Kodak InSite 6.5 to 8.0 Kodak InSite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...

AI score: 7.4
Exploits: 0
OpenVAS
added 2017/04/26 12:0 a.m., 148 views

Adobe ColdFusion Multiple Vulnerabilities (APSB17-14)

Adobe ColdFusion is prone to cross site scripting XSS and remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVSS: 10, AI score: 8.3, EPSS: 0.90597
Exploits: 6, References: 5
Check Point Advisories
added 2017/04/03 12:0 a.m., 1 views

Quagga VTY Interface Denial of Service (CVE-2017-5495)

A denial-of-service vulnerability has been discovered in Quagga. The vulnerability is due to an input validation error in the Quagga VTY service. A remote attacker can exploit this vulnerability by sending data without a newline character to a Quagga daemon's VTY interface...

CVSS: 7.8, AI score: 4, EPSS: 0.18803
Exploits: 0
OpenVAS
added 2017/02/14 12:0 a.m., 27 views

IBM WebSphere Application Server Multiple Vulnerabilities (swg21997743, swg21993797, swg21992315)

IBM WebSphere Application Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 7.8, AI score: 6.9, EPSS: 0.02828
Exploits: 0, References: 4
OpenVAS
added 2016/11/17 12:0 a.m., 35 views

Apple iTunes Code Execution And Information Disclosure Vulnerabilities (HT207274) - Windows

Apple iTunes is prone to information disclosure and code execution vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 8.8, AI score: 7.3, EPSS: 0.01532
Exploits: 0, References: 2
Check Point Advisories
added 2016/08/28 12:0 a.m., 3 views

Web Server HTTP Request URL Injection (CVE-2014-8150)

A security bypass vulnerability exists in web servers. The vulnerability is due to an input validation error when handling a request's URL contains line feeds and carriage return...

CVSS: 4.3, AI score: 1.7, EPSS: 0.0681
Exploits: 0
RedhatCVE
added 2016/07/14 8:59 p.m., 28 views

CVE-2016-5392

The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their...

CVSS: 6.8, AI score: 4.4, EPSS: 0.02464
Exploits: 0, References: 1
Check Point Advisories
added 2016/05/23 12:0 a.m., 2 views

Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)

An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...

CVSS: 8.3, AI score: 1.7, EPSS: 0.94104
Exploits: 10
OpenVAS
added 2016/05/17 12:0 a.m., 25 views

phpMyAdmin Multiple Vulnerabilities -01 (May 2016) - Windows

phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVSS: 6.8, AI score: 6.1, EPSS: 0.01712
Exploits: 0, References: 2
Packet Storm
added 2016/04/19 12:0 a.m., 47 views

Oliver 1.3.0 / 1.3.1 Cross Site Scripting

Advisory Information Title: Multiple Reflected XSS vulnerabilities in Oliver formerly Webshare v1.3.1 Date published: 2016-15-04 Date of last update: 2014-03-04 Vendors contacted: Oliver formerly Webshare v1.3.1 Discovered by: Rv3Laboratory Research Team Severity: Medium 02. Vulnerability...

AI score: 6.4, EPSS: 0.01278
Exploits: 2