Huawei PC Manager Authorization Issues Vulnerability

Huawei PC Manager is a computer management application from Huawei China. An authorization issue vulnerability exists in Huawei PC Manager version 9.1.3.1, which arises from the driver's interface not adequately validating data from the userland. An attacker could exploit the vulnerability to...

KLA11519 Multiple vulnerabilities in LibreOffice

Multiple vulnerabilities were found in LibreOffice. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An improper script handling issue can be exploited remotely via a specially crafted file t...

X (Formerly Twitter): Stored XSS in https://app.mopub.com

Vulnerable URL https://app.mopub.com/reports/custom/ XSS Payload: " Parameter nrnew-interval Steps To Reproduce: 1. Login with your credentials. 2. Go to URL: https://app.mopub.com/reports/custom/ 3. Click on New Network Report = Create a new network performance report. 4. Start Burp suite proxy...

schneider Vijeo Designer suffers from dll hijacking vulnerability

Schneider Electric SA is a global electrical company headquartered in France and a global specialist in energy efficiency management and automation. A dll hijacking vulnerability exists in schneider Vijeo Designer. An attacker can exploit this vulnerability to load a malicious dll and execute...

DLL Hijacking Vulnerability in INVT PanelSim

Shenzhen Inventec Electric Co., Ltd. is specializing in industrial automation and energy and power fields. A DLL hijacking vulnerability exists in INVT PanelSim when processing pl3 project files. An attacker can exploit the vulnerability to load a malicious DLL and execute malicious code...

Kinco KINCOHUIXINPLUGIN suffers from dll hijacking vulnerability

Shanghai BUCO Automation Co., Ltd. is a private high-tech enterprise engaged in the research, development and production of automation products. Kinco KINCOHUIXINPLUGIN suffers from a dll hijacking vulnerability that can be exploited by attackers to execute malicious code...

dll hijacking vulnerability exists in state god dwmapi

Nanjing New Dixon Software Technology Co., Ltd. is a company mainly engaged in computer software and hardware technology development, sales, installation, technical consulting, technical services; computer system integration; network engineering and other projects. There is a dll hijacking...

Hopscotch MagicWorks HMI wintab32 suffers from dll hijacking vulnerability

Shenzhen Hexin Automation Technology Co., Ltd. is a company that mainly deals with items such as PLC, HMI, servo, special control system, remote I/O and field network products. Hopsin MagicWorks HMI wintab32 has a dll hijacking vulnerability that can be exploited by attackers to execute malicious...

Memory Corruption Vulnerability in Kovac HMIStudio hs Project File

Huangshi Kewei Automatic Control Co., Ltd. is a company mainly engaged in microelectronic products, automation instrumentation development and application and related engineering supporting services and other projects. A memory corruption vulnerability exists in the Kewe HMIStudio hs project file...

Memory Corruption Vulnerability in dp2 Project File of Xinjie OP20 Screen Setting Tool

Wuxi Xinjie Electric Co., Ltd. is a well-known domestic enterprise focusing on the research, development and application of industrial automation products. A memory corruption vulnerability exists in the dp2 project file of the Xinjie OP20 screen setup tool, which can be exploited by attackers to...

CVE-2019-1002101

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...

Node.js third-party modules: [fileview] Inadequate Output Encoding and Escaping

I would like to report stored xss in fileview module It allows an attacker to embed malicious js code in filename there was no sanitization performed. Module module name:fileview version: 0.1.6 npm page: https://www.npmjs.com/package/fileview Module Description File browsers on web. It's easy to...

Critical WinRAR Flaw Found Actively Being Exploited

A critical 19-year-old WinRAR vulnerability disclosed last week has now been spotted actively being exploited in a spam campaign spreading malware. The campaign, discovered by researchers with 360 Threat Intelligence Center, takes advantage of a path-traversal WinRAR vulnerability, which could...

CVE-2018-16887

A cross-site scripting XSS flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...

Cross site scripting

A cross-site scripting XSS flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...

CVE-2018-16887

A cross-site scripting XSS flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...

CVE-2018-16861

A cross-site scripting XSS flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and...

razorCMS HTML Injection Vulnerability

razorCMS is an open source content management system written in PHP, which stores all data in flat files, so there is no need to install a database. An HTML injection vulnerability exists in razorCMS version 3.4.7, which can be exploited by attackers to execute malicious code...

DLL Hijacking Vulnerability in GE iFix scu.exe Component

GE Intelligent Platforms' GE-IP iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring of manufacturing operations. A DLL hijacking vulnerability exists in the GE iFix scu.exe component, which can be exploited ...

CVE-2018-10604

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution...