
94 matches found

BDU FSTEC
added 2023/04/02 12:0 a.m. · 1 views

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks using a specially...

5.5 CVSS · 5.7 AI score · 0.00822 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/02/20 12:0 a.m. · 3 views

PT-2023-12184 · Countly · Countly

Name of the Vulnerable Software and Affected Versions: Countly versions prior to 21.11 Description: The issue allows for cross-site scripting. To exploit this, the victim must follow a malicious link or be redirected from a malicious website. The attacker needs to have an account or be able to...

9 CVSS · 8.6 AI score · 0.00847 EPSS
Exploits 1 · References 9

BDU FSTEC
added 2023/02/08 12:0 a.m. · 1 views

The vulnerability of the Ragic Cloud DB network storage solution provided by QNAP NAS allows attackers to execute XSS attacks.

The vulnerability of the Ragic Cloud DB network storage solution provided by QNAP NAS exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially created link...

6.4 CVSS · 5.9 AI score · 0.00249 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/01/06 12:0 a.m. · 5 views

Ryde Technologies RYDE Trust Management Issue Vulnerability

Ryde Technologies RYDE is a travel software from Ryde Technologies, USA. A security vulnerability exists in Ryde Technologies RYDE version 5.8.43 and earlier, which stems from an information disclosure due to insecure hostname authentication on Android and iOS, and can be exploited by an attacker...

8.8 CVSS · 7.9 AI score · 0.00433 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2022/12/23 12:0 a.m. · 2 views

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

5.5 CVSS · 5.6 AI score · 0.01739 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/08/05 12:0 a.m. · 1 views

The vulnerability of the Kaspersky VPN Secure Connection remote access tool lies in its ability to delete arbitrary files from the system, allowing a hacker to increase their privileges.

The vulnerability of the Kaspersky VPN Secure Connection remote access tool relates to the possibility of deleting arbitrary files in the system. Exploiting this vulnerability could allow an attacker to enhance their privileges by creating a specially crafted symbolic link to a critical folder in...

7.8 CVSS · 7.4 AI score · 0.00197 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2022/07/06 12:0 a.m. · 2 views

The vulnerability in the implementation of the util.printf() function allows attackers to execute arbitrary code in PDF viewer and editor applications like Adobe Reader and Adobe Acrobat.

The vulnerability of the util.printf function in PDF viewing and editing applications like Adobe Reader and Adobe Acrobat arises from the execution of operations outside of the buffer in memory, due to improper parameter checking. Exploiting this vulnerability allows a malicious actor to execute...

9.6 CVSS · 8.4 AI score · 0.93738 EPSS
Exploits 19 · References 26 · Affected Software 4

CNNVD
added 2022/02/09 12:0 a.m. · 3 views

D-Link Dir-X1860 Security Vulnerability

The D-Link Dir-X1860 is a dual-band router from D-Link, a Chinese company. A specially designed URL to an authenticated victim to reboot the router. The authenticated victim would need to access the URL in order for the router to reboot...

7.4 CVSS · 5.5 AI score · 0.00233 EPSS
Exploits 0 · References 5

Redos
added 2021/09/08 12:0 a.m. · 9 views

ROS-2-1848

2.1848 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

9.8 CVSS · 10 AI score · 0.65912 EPSS
Exploits 6

The Hacker News
added 2020/11/02 9:43 a.m. · 4 views

WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild

Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The elevation of privileges (EoP) vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Window...

7.8 CVSS · 7.7 AI score · 0.20406 EPSS
Exploits 1

BDU FSTEC
added 2019/11/19 12:0 a.m. · 3 views

The vulnerability in the web interface for managing Cisco Small Business microprogramming software allows a perpetrator to execute arbitrary code or gain access to confidential information.

The vulnerability of the web interface for managing Cisco Small Business microprogramming software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or gain access to confidential...

6.1 CVSS · 6.7 AI score · 0.00309 EPSS
Exploits 0 · References 3 · Affected Software 6

BDU FSTEC
added 2019/11/19 12:0 a.m. · 2 views

The vulnerability of the Clientless SSL VPN (WebVPN) component of the Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense software allows a perpetrator to execute arbitrary code or gain access to confidential information.

The vulnerability of the Clientless SSL VPN (WebVPN) component of the micro-programming network interface software from Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense exists due to the lack of protective measures for the web page structure. Exploiting this vulnerability allows...

6.1 CVSS · 6.7 AI score · 0.00148 EPSS
Exploits 0 · References 3 · Affected Software 2

Prion
added 2019/10/16 7:15 p.m. · 19 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...

4.3 CVSS · 6 AI score · 0.00309 EPSS
Exploits 0 · References 1 · Affected Software 1

UbuntuCve
added 2019/04/22 4:29 p.m. · 38 views

CVE-2015-1340

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice...

8.1 CVSS · 7.1 AI score · 0.00327 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2019/04/19 12:0 a.m. · 4 views

The vulnerability of the Azure DevOps Server software development tools’ setup exists due to the lack of measures taken to neutralize specific elements. This vulnerability allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Azure DevOps Server software development tools exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of protected information through a specially...

6.1 CVSS · 6.6 AI score · 0.00909 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2018/12/13 12:0 a.m. · 5 views

The vulnerability in the web interface for controlling Cisco Registered Envelope Service allows a perpetrator to inject arbitrary code into the web page that is uploaded.

The vulnerability of the web interface for managing security information transmitted by the Cisco Registered Envelope Service is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the...

5.5 CVSS · 6.1 AI score · 0.00219 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2018/03/09 5:29 p.m. · 2 views

CVE-2017-17322

Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could caus...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 2

Exploit DB
added 2017/12/11 12:0 a.m. · 59 views

Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection

Exploit Title: Freelance Website Script 2.0.6 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/ Version: 2.0.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...

7.4 AI score
Exploits 0

Circl
added 2017/12/07 12:0 a.m. · 11 views

CVE-2017-17085

creationtimestamp| type| source ---|---|--- 2017-12-07 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43233...

7.5 CVSS · 6.7 AI score · 0.10848 EPSS
Exploits 1 · References 1

Circl
added 2017/08/30 12:0 a.m. · 13 views

CVE-2017-15084

creationtimestamp| type| source ---|---|--- 2017-08-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42961...

6.5 CVSS · 6.6 AI score · 0.00126 EPSS
Exploits 4 · References 1