CVE-2018-15122
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object such as DLL or EXE with an embedded resource file by clicking on the resource...
Security Bulletin: Multiple vulnerabilities affect IBM InfoSphere Information Server (CVE-2015-0383, CVE-2015-0410, CVE-2014-6593, CVE-2015-0138, CVE-2015-2808)
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on...
progress-film.de XSS vulnerability
Open Bug Bounty ID: OBB-631846

Description | Value
---|---
Affected Website: | progress-film.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Who’s who in the Zoo
ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. We label them from v1-v...
Security update for lame (important)
This update for lame fixes the following issues: Lame was updated to version 3.100:
- Improved detection of MPEG audio data in RIFF WAVE files.
- sf3545112 Invalid sampling detection
- New switch --gain decibel, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the...
Progress Sitefinity Information Disclosure Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity version 9.1, which stems from the fact that the wrapaccesstoken remains valid and is passed via a GET parameter after a session termination or...
CVE-2017-18091
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backu...
Progress Sitefinity Cross-Site Scripting Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets. A cross-site scripting vulnerability exists in Progress Sitefinity version 9.1. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via Content Management Templa...
Progress Sitefinity Cross-Site Scripting Vulnerability (CNVD-2018-05678)
Progress Sitefinity is an open source platform for building corporate websites and intranets. A cross-site scripting vulnerability exists in Progress Sitefinity version 9.1. A remote attacker could exploit this vulnerability to access arbitrary information and functionality...
Progress Sitefinity Open Redirect Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets. An open redirect vulnerability exists in Authenticate/SWT in Progress Sitefinity version 9.1. An attacker can exploit this vulnerability to redirect users to arbitrary websites...
Progress Sitefinity Cross-Site Scripting Vulnerability (CNVD-2018-05684)
Progress Sitefinity is an open source platform for building corporate websites and intranets. A cross-site scripting vulnerability exists in Progress Sitefinity version 9.1. The vulnerability can be exploited by remote attackers to inject malicious JavaScript code via the Last name, First name, a...
CVE-2017-18179
Progress Sitefinity 9.1 uses wrapaccesstoken as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...
Design/Logic Flaw
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration aka Templateconfiguration, as demonstrated by the src attribute of an IMG element. This is fixed in 10.1...
Authentication flaw
Progress Sitefinity 9.1 uses wrapaccesstoken as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...
Default credentials
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1...
Open redirect
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1...
Design/Logic Flaw
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1...
CVE-2017-18175
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration aka Templateconfiguration, as demonstrated by the src attribute of an IMG element. This is fixed in 10.1...
CVE-2017-18177
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1...