www-itec.uni-klu.ac.at XSS vulnerability
Vulnerable URL: http://www-itec.uni-klu.ac.at/bib/index.php?keywords=%3Csvg/onload=alert/OPENBUGBOUNTY/%3E

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 29.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated |

V...
association-asse.fr XSS vulnerability
Vulnerable URL: http://association-asse.fr/modules/wsImagemanager/index.php?categoryid=132id=51

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 30.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 9428426 |
| VIP website status: | No |

Check...
PT-2017-17037
Name of the Vulnerable Software and Affected Versions WPO-Foundation WebPageTest version 3.0 Description An issue exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. This allows an attacker to execute arbitrary HTML and script cod...
PT-2017-1249 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 24.0.0.194 and earlier Description: The issue is related to a heap overflow vulnerability in the Flash Video FLV codec. This vulnerability could be exploited to achieve arbitrary code execution. The vulnerability i...
Overload: Critical Lessons from 15 Years of ICS Vulnerabilities
In the past several years, a flood of vulnerabilities has hit industrial control systems (ICS), the technological backbone of electric grids, water supplies, and production lines. These vulnerabilities affect the reliable operation of sensors, programmable controllers, software and networking...
cms.creators.com XSS vulnerability
Vulnerable URL: https://cms.creators.com/site/users/login?r=

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 27.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated |
| VIP website status: | No |

Check cms.creators.com...
Accela Civic Platform Citizen Access portal contains multiple vulnerabilities
Overview: Accela Civic Platform Citizen Access portal contains cross-site scripting and arbitrary file upload vulnerabilities. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2016-5660. Accela Civic Platform Citizen Access portal contains ...
NETLOGON Spoofing Vulnerability.
Description: It's basically the same as CVE-2015-0005 for Windows: The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a...
Insufficient symlink verification in smbd.
Description: All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to a bug in symlink verification, which under certain circumstances could allow client access to files outside the exported share path. If a Samba share is configured with a path that shares a common path prefix with...
PT-2023-25558 · Monetdb +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the gc col component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, consider...
vBulletin 4.x SQL Injection
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API post-auth. Overview: date: 10/12/2014; cvss: 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C base; cwe: 89; vend...
PT-2014-1714 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.0.2.0 through 10.3.6.0 Description: The issue affects confidentiality and can be exploited by remote attackers through vectors related to WLS - Web Services in the Oracle WebLogic Server component of Oracle...
PT-2014-2179 · D Link · D-Link Dir-601 Wireless N150 Home Router
Name of the Vulnerable Software and Affected Versions: D-Link DIR-601 Wireless N150 Home Router version 1.02NA Description: A directory traversal issue in the TFTP server of the affected router allows remote attackers to read arbitrary files. The exact vectors used for exploitation are not...
Researchers Ponder When to Notify Users of Public Vulnerability Exploits
BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point...
PT-2013-3016 · Microsoft · Windows Server 2003 +4
Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: A...
PT-2012-1380 · Symantec · Symantec Norton Internet Security
Name of the Vulnerable Software and Affected Versions: Symantec Norton Internet Security 2010 version 17.5.0.127 Description: A race condition issue allows local users to bypass kernel-mode hook handlers and execute dangerous code that would otherwise be blocked by a handler but not blocked by...
Oracle Critical Patch Update - April 2012
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...
Remote code execution vulnerability in smbd
Description: Samba versions up to 3.4.0 do not ensure that AndX offsets of the SMB daemon (smbd) are strictly monotonically increasing. Therefore a remote code execution vulnerability exists in the smbd service. A remote attacker could use the vulnerability to launch an exploit over a network...
Multiple Browsers - Denial of Service
One bug to rule them all: IE5, IE6, IE7, IE8, Netscape, Firefox, Safari, Opera, Konqueror, Seamonkey, Wii, PS3, iPhone, iPod, Nokia, Siemens.... and more. Don't wet your pants - it's DoS only. Release mode: Tried hard to coordinate - gave up. Reference: GSEC-TZO-26-2009 - One bug to rule them all. WWW:...
Blackberry Mobile Data Service XSS
ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service. Author: Michael Thumann. 1. Summary: The Blackberry Mobile Data Service Connection is vulnerable to several XSS attacks in the "Customize Statistics Page". 2. CVSS V2 Base Score: 3.5 based on vendor rating. 3...