CVE-2018-19286
The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value along with an arbitrary username value, and then creating and sharing a note...
CVE-2018-19286
CVE-2018-19286 describes an XSS vulnerability in the mubu note server. An attacker can trigger XSS by configuring an account with a crafted name value (together with an arbitrary username) when creating and sharing a note, enabling the attacker to inject script via the name field. The NVD summary...
org.apache.syncope:syncope-core-upgrader (>=1.2.0 <=1.2.11), org.apache.syncope:syncope-standalone (>=1.1.0 <=1.1.8) potentially affected by CVE-2018-17184 via org.apache.syncope:syncope-core (>=1.1.0 <=1.2.9)
org.apache.syncope:syncope-core MAVEN version =1.1.0, =1.2.0, =1.1.0, =1.1.8 Source cves: CVE-2018-17184 Source advisory: OSV:GHSA-9H9C-F287-C6VP...
helha.be Improper Access Control vulnerability
Open Bug Bounty ID: OBB-695395. Affected Website: helha.be. Vulnerable Application: hidden until disclosure. Vulnerability Type: IAC Improper Access Control / CWE-284. CVSSv3 Score: hidden unt...
com.bluelock:camel-spring-amqp (>=1.5 <=1.6.3), com.github.jknack:mwa-camel (=0.4.0) +215 more potentially affected by CVE-2014-0003 via org.apache.camel:camel-core (>=2.11.0 <=2.11.3)
org.apache.camel:camel-core MAVEN version =2.11.0, =1.5, =1.5, =1.5, =1.5, =1.5, =1.0.0, =5.14, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 and more Source cves: CVE-2014-0003 Source advisory: OSV:GHSA-H6RP-8V4J-HWPH...
Google Patches Critical Vulnerabilities in Android OS
Google patched six critical remote code execution flaws in its Android operating system as part of its October Android Security Bulletin. Four of those remote code execution flaws are tied to Android’s Media framework and impact a wide range of Android devices including Google’s Pixel and Nexus...
HDF5 Denial of Service Vulnerability
HDF5 is a free data model, library, and suite of tools for storing, managing, viewing, and analyzing large and heterogeneous data in a portable file format. A denial of service vulnerability exists in the 'ReadCode' function of the decompress.c file in HDF5 1.10.3 and earlier versions...
CVE-2018-16955
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the inhiredirect parameter, when prefixed with the https:// scheme, is unsafely reflected in an HTML META tag in the HTTP response. NOTE: this CVE is assigned by MIT...
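The flaw above is a redirect parameter copied into a META tag. The following is an added example, not Oracle's code, of how such a redirect can be emitted without reflecting attacker-controlled markup: the value is parsed with the WHATWG URL parser, restricted to https and an allowlist of hosts, and HTML-attribute-encoded before it lands in the tag. The allowed host and the helper names are assumptions for illustration; the example is general and also rejects javascript: and credential-in-authority tricks, not just the https-prefixed case in the CVE text.

```javascript
// Added example, not Oracle's code. Builds a META refresh redirect from an
// untrusted target URL without reflecting markup. The allowlisted host is an
// assumption for this illustration.
const ALLOWED_REDIRECT_HOSTS = new Set(['portal.example.com']); // assumed allowlist

// HTML attribute encoding for the characters that can end or alter an attribute.
function encodeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Returns a normalised https URL string, or null if the target is not acceptable.
function validateRedirect(target) {
  let url;
  try {
    url = new URL(String(target));
  } catch (e) {
    return null;                                   // not an absolute URL at all
  }
  if (url.protocol !== 'https:') return null;      // rejects http:, javascript:, data:
  if (url.username || url.password) return null;   // rejects https://good@evil forms
  if (!ALLOWED_REDIRECT_HOSTS.has(url.hostname)) return null;
  return url.href;   // the parser has already percent-encoded " < > in path/query
}

// Safe builder: refuses bad targets instead of reflecting them into the page.
function buildMetaRefresh(target) {
  const href = validateRedirect(target);
  if (href === null) return null;
  return `<meta http-equiv="refresh" content="0;url=${encodeAttr(href)}">`;
}
```

Returning null on an unacceptable target lets the caller fall back to a fixed landing page; silently "cleaning" the value would still let an attacker steer users off-site.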
Ghostscript Vulnerability
NCCIC is aware of a Ghostscript vulnerability affecting various vendors. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Vulnerability Note VU332928, apply the necessary workarounds, and refer to vendors f...
fis-parser-sass-all (=0.2.3) potentially affected by CVE-2016-10686 via fis-sass-all (=0.2.0)
fis-sass-all NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fis-sass-all and may be impacted: - fis-parser-sass-all =0.2.3 Source cves: CVE-2016-10686 Source advisory: OSV:GHSA-VCFP-PPQW-MF23...
New Variant of KeyPass Ransomware Discovered
A new variant of the KeyPass ransomware has been gaining traction in August and is using new techniques like manual control to customize its encryption process, researchers said Monday. Researchers at Kaspersky Lab who posted about the trojan said that it is being propagated by means of fake...
PHP Denial of Service Vulnerability (CNVD-2018-14777)
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in th...
Chaturbate: CSV Injection with the CSV export feature
Hi there, hope you are well. The "Download as a CSV" feature of does not properly "escape" fields, so that particular field is vulnerable to CSV injection. Steps of POC: Step 1: Go to any chat room, donate any token to someone, and in the note insert =4+4. Step 2: Now go to this link and download...
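The report above uses the classic =4+4 probe: a cell that a spreadsheet evaluates instead of displaying. The following is an added example, not Chaturbate's code, of a CSV export that neutralises such fields. Any value starting with a character a spreadsheet treats as a formula lead (=, +, -, @, tab, carriage return) is prefixed with a single quote so it is rendered as text, and every field is then quoted per RFC 4180. The sample rows are constructed for this illustration.

```javascript
// Added example, not Chaturbate's code: formula-injection-safe CSV export.
// Characters that make Excel, LibreOffice or Sheets evaluate a cell.
const FORMULA_LEAD = /^[=+\-@\t\r]/;

// Escape one field: defuse a formula lead, then apply RFC 4180 quoting.
function escapeCsvField(value) {
  let s = value === null || value === undefined ? '' : String(value);
  if (FORMULA_LEAD.test(s)) s = "'" + s;              // shown as text, never evaluated
  if (/[",\r\n]/.test(s)) s = '"' + s.replace(/"/g, '""') + '"';
  return s;
}

// Serialise a header row plus data rows with CRLF line endings.
function toCsv(rows, header) {
  return [header, ...rows]
    .map((r) => r.map(escapeCsvField).join(','))
    .join('\r\n') + '\r\n';
}

// Constructed sample: tip records whose free-text note is user controlled.
const SAMPLE_TIPS = [
  ['2018-09-01', 'alice', 5, '=4+4'],                 // the probe from the report
  ['2018-09-01', 'bob', 1, 'thanks, "great" show'],   // needs RFC 4180 quoting only
  ['2018-09-02', 'carol', 2, '@SUM(A1:A3)'],          // another formula lead
];

function exportTips() {
  return toCsv(SAMPLE_TIPS, ['date', 'user', 'tokens', 'note']);
}
```

The apostrophe prefix is visible to anyone who opens the file as text, which is the accepted trade-off: the alternative of stripping the leading character silently alters user data and still leaves payloads that start with a separator-then-formula sequence.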
ncaahallofchampions.org XSS vulnerability
Open Bug Bounty ID: OBB-651680. Affected Website: ncaahallofchampions.org. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Joplin Cross-Site Scripting Vulnerability
Joplin is an open source note-taking application based on the Markdown format; it supports copying, marking up, and editing text, among other features. A cross-site scripting vulnerability exists in the Note content field in versions of Joplin prior to 1.0.90. A remote attacker can...
CVE-2018-1000534
Joplin versions prior to 1.0.90 contain an XSS that evolves into code execution because nodeIntegration is enabled for the particular BrowserWindow instance in which the XSS was identified; the XSS originates in the Note content field. Information on the fix can be found here...
CVE-2018-1000534
CVE-2018-1000534 affects Joplin versions prior to 1.0.90. The issue is a Cross-site Scripting (XSS) that can evolve into code execution due to enabled nodeIntegration in a specific BrowserWindow instance, with the XSS originating in the Note content field. Attackers could exploit this by forcing ...
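The two entries above describe the mechanism that makes this more than a browser XSS: in an Electron renderer with nodeIntegration on, injected script can call require() and reach the operating system. The following is an added example, not Joplin's code, that audits a BrowserWindow webPreferences object and separates the configuration in which an XSS stays an XSS from the one in which it becomes code execution. The weak and hardened settings objects, the preload path, and the helper names are assumptions for illustration; unset keys are treated as the historical defaults (nodeIntegration true before Electron 5, contextIsolation false before Electron 12, sandbox off before Electron 20).

```javascript
// Added example, not Joplin's code: audit Electron webPreferences for the
// settings that turn a renderer XSS into native code execution.

// Assumed shape of a window that renders notes with Node reachable from the page.
const WEAK_PREFS = {
  nodeIntegration: true,      // page script can require('child_process')
  contextIsolation: false,    // page script and preload share one JS world
  sandbox: false,
};

// Assumed hardened shape: the renderer only gets what preload exposes.
const HARDENED_PREFS = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webSecurity: true,
  preload: '/app/preload.js', // assumed path; would expose a minimal API via contextBridge
};

// Returns a list of findings; an empty list means none of the checked
// settings widen the blast radius of an HTML injection in this window.
function auditWebPreferences(prefs) {
  const findings = [];
  if (prefs.nodeIntegration !== false) {
    findings.push('nodeIntegration enabled: page script can require() Node modules');
  }
  if (prefs.contextIsolation !== true) {
    findings.push('contextIsolation disabled: page script shares a JS world with preload');
  }
  if (prefs.sandbox !== true) {
    findings.push('sandbox disabled: renderer process is not OS-sandboxed');
  }
  if (prefs.webSecurity === false) {
    findings.push('webSecurity disabled: same-origin policy is off in the renderer');
  }
  if (prefs.allowRunningInsecureContent === true) {
    findings.push('allowRunningInsecureContent enabled: mixed content allowed');
  }
  return findings;
}

// True when script injected into this window reaches Node APIs directly,
// i.e. when an XSS in rendered content is already code execution.
function xssBecomesRce(prefs) {
  return prefs.nodeIntegration !== false;
}
```

Disabling nodeIntegration is the single change that removes the direct path from XSS to code execution; contextIsolation and the sandbox matter because a renderer with access to the preload's world, or to an unsandboxed process, still offers indirect routes.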
Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director.
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS (CVE-2016-0466, CVE-2015-7575)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS. These issues were disclosed as part of the IBM Java SDK...