140 matches found
[SECURITY] Fedora 28 Update: vcftools-0.1.16-1.fc28
A program package designed for working with VCF files, such as those generated by the 1000 Genomes Project. The aim of VCFtools is to provide methods for working with VCF files: validating, merging, comparing and calculate some basic population genetic statistics...
jamesphogan.com XSS vulnerability
Open Bug Bounty ID: OBB-650365 Description| Value ---|--- Affected Website:| jamesphogan.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
Coinbase: Prepopulation of email address and name leaks information provided to other merchants
Users of the commerce widget that have entered their name and email into the widget and moved to the currency selection step were vulnerable to a clickjacking attack that revealed name and email to an attacker due to pre-population of the widget's fields. After a user filled out the name / email...
CVE-2017-1000488
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form...
CVE-2017-1000488
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form...
cve-search - A Tool To Perform Local Searches For Known Vulnerabilities
cve-search is a tool to import CVE Common Vulnerabilities and Exposures and CPE Common Platform Enumeration into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually fast...
Behavior of VM.xenstore_data
Summary This article describes the behavior ofVM.xenstoredata. This behavior might affect customers who use thexenstore-data parameter of a Virtual Machine VM, especially those customers who are writing software that interacts with XenServer and uses this parameter. Behavior of VM.xenstoredata If...
Friday Squid Blogging: Why It's Hard to Track the Squid Population
Counting squid is not easy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
CVE-2017-3067
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms...
Information disclosure
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms...
CVE-2017-3067
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms...
CVE-2015-4594
eClinicalWorks Population Health CCMR suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID...
Cross site request forgery (csrf)
eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...
CVE-2015-4591
eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...
Session fixation
eClinicalWorks Population Health CCMR suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID...
CVE-2015-4593
eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...
CVE-2015-4594
CVE-2015-4594 affects eClinicalWorks Population Health CCMR Client Portal. The root cause is a missing new session ID upon user authentication, enabling session fixation by reusing an existing session ID. The vulnerability implies potential compromise of active sessions (high/critical impact per ...
CVE-2015-4591
CVE-2015-4591 relates to the eClinicalWorks Population Health (CCMR) Client Portal. The vulnerability is a cross-site scripting (XSS) weakness in login.jsp that allows injection of arbitrary JavaScript via the strMessage parameter. The underlying issue is insufficient input sanitization of this p...
CVE-2015-4591
eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...