HPE Network Node Manager i (NNMi) Cross-Site Scripting Vulnerability (CNVD-2016-11189)

HPE Network Node Manager i NNMi is a suite of network management software from Hewlett Packard Enterprise HPE. The software unifies the management of network failures, availability, and performance in a single centralized console, and enables users to extend network uptime, improve performance, a...

HPE Network Node Manager i (NNMi) Cross-Site Scripting Vulnerability

HPE Network Node Manager i NNMi is a suite of network management software from Hewlett Packard Enterprise HPE. The software unifies the management of network failures, availability, and performance in a single centralized console, and enables users to extend network uptime, improve performance, a...

Multiple IBM Rational Products Cross-Site Scripting Vulnerabilities

IBM Rational Team Concert and Rational Collaborative Lifecycle Management are collaborative lifecycle management solutions from IBM USA.IBM Rational DOORS Next Generation RDNG is a requirements management solution from IBM USA. IBM Rational Engineering Lifecycle Manager is a suite of engineering...

Arbitrary file upload vulnerability in earcms uplog.php

Ear Music Ear Music is an interface using Discuz backend style and UCHome user center style combined with the core by the high-speed template engine and caching mechanism and other frameworks coexist PHP open source music system. earcms uplog.php arbitrary file upload vulnerability , attackers ca...

Microsoft Edge CVE-2016-7209 Spoofing Vulnerability

Description Microsoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Edge...

pacemaker: Privilege escalation due to improper guarding of IPC communication

An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on th...

CVE-2016-7095

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...

CVE-2016-7095

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...

Design/Logic Flaw

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...

CVE-2016-7095

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...

CVE-2016-7095

Exponent CMS prior to version 2.3.9 is vulnerable to an attacker uploading a malicious script file via redirection to place it in an unprotected folder that allows script execution. This affects Exponent CMS 2.3.x and earlier components handling file uploads; impact includes potential code execut...

UBUNTU-CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...

Novell NetIQ Identity Manager HTML Injection Vulnerability

NetIQ Designer for Identity Manager is a suite of graphical interface tools for configuring and deploying Identity Manager, a comprehensive solution for providing identity and control access, from NetIQ USA. An html injection vulnerability exists in Novell NetIQ Identity Manager versions prior to...

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Curre...

SAP Console HTML Injection Vulnerability

SAP Console is a set of distribution components from SAP that supports the connection of exchange information within the SAP system. An html injection vulnerability exists in SAP Hybris Management Console version 5.6. An attacker could exploit this vulnerability to execute arbitrary script code i...

Alienvault OSSIM and USM PHP Object Injection Vulnerabilities

AlienVault OSSIM is an open source security information management system.USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...

Foreman HTML Injection Vulnerability (CNVD-2016-10271)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman, which arises from the program's failure to adequately...

Nextcloud Server Content Spoofing Vulnerability

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a content spoofing vulnerability in the "dav" app. The vulnerability is caused by displaying an abnormal message on the endpoint that puts input under the...

Nextcloud Server Content Spoofing Vulnerability (CNVD-2016-10259)

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a content spoofing vulnerability in the "files" app. The vulnerability is caused by displaying an abnormal message on the endpoint that puts inputs under the...

PowerShell Script Execution Troubleshooting Advice

Veeam Support Scope Per Veeam Support Policy: Custom script troubleshooting is not supported. What's in Scope: Confirming that the Veeam task executed the script. Assisting with Veeam PowerShell cmdlets not functioning as intended or documented. What's Out of Scope: Troubleshooting why a custom...