Cisco Tetration Analytics Cross-Site Scripting Vulnerability
Cisco Tetration Analytics is a hybrid cloud workload protection solution. The product features trust whitelisting, software vulnerability detection and network performance monitoring. A cross-site scripting vulnerability exists in the web-based management interface in Cisco Tetration Analytics,...
CVE-2018-0675
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors...
CVE-2018-0674
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors...
Design/Logic Flaw
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors...
Design/Logic Flaw
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors...
CVE-2018-0675
CVE-2018-0675 affects AttacheCase up to version 3.3.0.0 (and earlier). The vulnerability allows arbitrary script execution via crafted settings, specifically when a malicious ATCCase.ini is placed in the same folder as the ATC file and the file is decrypted. The root cause is tied to handling of ...
CVE-2018-0674
CVE-2018-0674 affects AttacheCase, a file‑encryption tool by HiBARA Software. Vulnerability: when a specially crafted AtcCase.ini is in the same folder as the ATC file, decryption can trigger execution of an arbitrary script, enabling a remote unauthenticated attacker to run code. Affected: Attac...
AttacheCase Arbitrary Code Execution Vulnerability
AttacheCase is a suite of file encryption software. An arbitrary code execution vulnerability exists in AttacheCase, which can be exploited by a remote, unauthenticated attacker to execute arbitrary scripts...
AttacheCase vulnerable to arbitrary script execution
Overview: AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Taizoh Tsukamoto of...
JVN#02037158: AttacheCase vulnerable to arbitrary script execution
AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Impact: A remote unauthenticat...
Movable Type vulnerable to cross-site scripting
Overview: Movable Type provided by Six Apart, Ltd. is a content management system. Movable Type contains a cross-site scripting vulnerability (CWE-79). ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A...
DuckDuckGo: XSS in Subdomain of DuckDuckGo
A cross-site scripting vulnerability was discovered in a subdomain of DuckDuckGo. The subdomain had a Content Security Policy header intended to prevent script execution, but this could be bypassed in Internet Explorer. As a result, malicious scripts could be injected and executed in the...
Cisco Small Business 300 Series (Sx300) Managed Switches Cross-Site Scripting Vulnerability
Cisco Small Business 300 Series (Sx300) Managed Switches are 300 series switch devices from the American company Cisco. A cross-site scripting vulnerability exists in the web-based management interface of the Cisco Small Business 300 Series (Sx300) Managed Switches, which stems from the interfa...
CA API Developer Portal Cross-Site Scripting Vulnerability (CNVD-2018-17503)
CA API Developer Portal is a set of API (Application Programming Interface) query functions from CA for software developers. A cross-site scripting vulnerability exists in CA API Developer Portal version 4.x, versions prior to 4.2.5.3, and versions prior to 4.2.7.1, which originates when the program...
IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability
IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...
Security Bulletin: Rational Host On-Demand administrative interface is vulnerable to DOM XSS (CVE-2015-5002)
Summary: IBM Rational Host On-Demand administrative interface is vulnerable to DOM XSS in multiple parameters, caused by improper validation of user supplied input. Vulnerability Details: CVEID: CVE-2015-5002 DESCRIPTION: IBM Host On-Demand is vulnerable to cross-site scripting, caused by improper...
JVN#18716340: Multiple cross-site scripting vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the UserGroup Management section of admin page CWE-79 - CVE-2018-0652 Version| Vector| Score ---|---|--- CVSS v3|...
Code Execution Vulnerability in the File Management System of Laoban CMS Backend
Laoban CMS is an open source site-building content management system developed by Laoban on a PHP + MySQL environment. A code execution vulnerability exists in the backend file management of Laoban CMS. An attacker can exploit the vulnerability to...