Lucene search

336 matches found

Cvelist
added 2021/01/11 2:48 a.m., 9 views

CVE-2020-35203

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...

AI score 6.1, EPSS 0.0024
Exploits: 1, References: 2

Positive Technologies
added 2021/01/11 12:0 a.m., 2 views

PT-2021-11837 · Quest · Quest Policy Authority

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "/WebCM/index.jsp" file using the msg parameter. This affects products that...

CVSS 6.1, AI score 7, EPSS 0.00375
Exploits: 1, References: 5

CNNVD
added 2021/01/10 12:0 a.m., 3 views

Quest Software Policy Authority For Unified Communications Cross-Site Scripting Vulnerability

Quest Policy Authority For Unified Communications is a software from Quest, Inc. that is used in corporate environments to consolidate communication data between various media text and instant messaging, video conferencing, email and voicemail. A cross-site scripting vulnerability exists in Quest...

CVSS 6.1, AI score 6.3, EPSS 0.0024
Exploits: 1, References: 3

Zero Day Initiative
added 2020/12/11 12:0 a.m., 37 views

Microsoft Outlook MSG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.5, AI score 2.1, EPSS 0.1782
Exploits: 0, References: 1

OSV
added 2020/10/28 7:15 p.m., 3 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

CVSS 6.5, AI score 5.8, EPSS 0.00157
Exploits: 1, References: 2

NVD
added 2020/07/17 10:15 p.m., 8 views

CVE-2019-12000

HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging...

CVSS 6.6, EPSS 0.00307
Exploits: 0, References: 1

CVE
added 2020/07/17 9:12 p.m., 38 views

CVE-2019-12000

CVE-2019-12000 relates to the HPE MSE Msg Gw application E-LTU prior to version 3.2, where a potential Remote Access Restriction Bypass exists when HTTPS is used between the USSD and an external USSD service logic application. Affected component: HPE MSE Messaging Gateway (E-LTU); root cause: ins...

CVSS 6.6, AI score 6.6, EPSS 0.00307
Exploits: 0, References: 1, Affected Software: 1

Hacker One
added 2020/05/28 7:8 p.m., 9 views

Node.js third-party modules: [commit-msg] RCE via insecure command formatting

I would like to report a RCE issue in the commit-msg module. It allows to execute arbitrary commands remotely inside the victim's PC. Module: module name: commit-msg; version: 0.2.3; npm page: https://www.npmjs.com/package/commit-msg. Module Description: commit-msg is a customizable git commit message...

AI score 1.8
Exploits: 0

NVD
added 2019/08/23 1:15 p.m., 12 views

CVE-2019-15482

selectize-plugin-a11y before 1.1.0 has XSS via the msg field...

CVSS 6.1, AI score 6, EPSS 0.00223
Exploits: 0, References: 2

CVE
added 2019/08/23 12:51 p.m., 45 views

CVE-2019-15482

The CVE-2019-15482 entry concerns the package selectize-plugin-a11y prior to version 1.1.0, where a Cross-Site Scripting (XSS) vulnerability exists in the msg field. The root cause, as described in the Node.js advisory, is that the accessibility.liveRegion.speak function does not sanitize the msg...

CVSS 6.1, AI score 5.9, EPSS 0.00223
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2019/07/26 12:0 a.m., 2 views

PT-2019-13577 · Mcpp +1 · Mcpp +1

Name of the Vulnerable Software and Affected Versions: MCPP version 2.7.2 Description: The issue is a heap-based buffer overflow in the do_msg function located in support.c. This overflow can potentially lead to arbitrary code execution, allowing an attacker to execute malicious code on the...

CVSS 5.5, AI score 7.7, EPSS 0.00124
Exploits: 1, References: 20

OSV
added 2019/03/21 4:0 p.m., 1 views

DEBIAN-CVE-2018-18849

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value...

CVSS 5.5, AI score 7, EPSS 0.00051
Exploits: 0, References: 1

CNVD
added 2018/11/02 12:0 a.m., 2 views

Microstrategy Web Cross-Site Scripting Vulnerability (CNVD-2018-23268)

MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A cross-site scripting vulnerability exists in Microstrategy Web 7. The vulnerability stems from Microstrategy Web failing to adequately encode user-controlled input. An...

CVSS 6.1, AI score 5.9, EPSS 0.16021
Exploits: 5, References: 1

NVD
added 2018/11/01 5:29 p.m., 8 views

CVE-2018-18775

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...

CVSS 6.1, AI score 6, EPSS 0.16021
Exploits: 5, References: 2

CVE
added 2018/11/01 5:0 p.m., 78 views

CVE-2018-18775

The vulnerability CVE-2018-18775 affects Microstrategy Web 7, where Login.asp Msg parameter input is not sufficiently encoded, causing a Cross-Site Scripting (XSS). The NVD entry notes input encoding weaknesses leading to XSS with a base CVSS v3.0 score of 6.1 (Network, Low user interaction requi...

CVSS 6.1, AI score 5.9, EPSS 0.16021
Exploits: 5, References: 2, Affected Software: 1

CNVD
added 2018/09/26 12:0 a.m., 0 views

DedeCMS Cross-Site Scripting Vulnerability (CNVD-2018-19871)

DedeCMS is a PHP-based web content management system (CMS). A cross-site scripting vulnerability exists in the /plus/feedbackajax.php file in DedeCMS version 5.7 SP2, which can be exploited by remote attackers to execute JavaScript code with the help of the onhashchange attribute in the 'msg'...

CVSS 6.1, AI score 6.2, EPSS 0.00206
Exploits: 1, References: 1

OSV
added 2018/07/26 3:29 p.m., 1 views

UBUNTU-CVE-2017-7558

A kernel data leak due to an out-of-bound read was found in the Linux kernel in the inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic...

CVSS 7.5, AI score 6.6, EPSS 0.00768
Exploits: 4, References: 5

NVD
added 2018/05/08 3:29 p.m., 9 views

CVE-2018-1000179

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) (coreauthhandler.cpp, line 235) that allows an attacker to cause a denial of service...

CVSS 7.5, AI score 7.3, EPSS 0.00568
Exploits: 1, References: 4

0day.today
added 2018/03/01 12:0 a.m., 34 views

FreeBSD Kernel (FreeBSD 10.2 x64) - sendmsg Kernel Heap Overflow (PoC) Exploit

Exploit for freebsd platform in category dos / poc...

CVSS 7.2, AI score 7.7, EPSS 0.00378
Exploits: 2

UbuntuCve
added 2018/01/29 5:29 p.m., 35 views

CVE-2017-12626

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)...

CVSS 7.5, AI score 7.1, EPSS 0.01114
Exploits: 3, References: 6