ownCloud Desktop Client Local Command Injection Vulnerability
The ownCloud Desktop Client is a desktop client for connecting to ownCloud servers. A local command injection vulnerability in the ownCloud Desktop Client allows an attacker to execute arbitrary script code in the context of an affected application...
Huawei Policy Center Cross-Site Scripting Vulnerability
Huawei Policy Center is a set of policy management center software from Huawei China. The software provides features such as visitor management and personalized customization of the Portal login interface. A cross-site scripting vulnerability exists in Huawei Policy Center versions V100R003C00 an...
IBM WebSphere Portal XSS Vulnerability
IBM WebSphere Portal is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2016-06713)
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages (Chinese, Japanese, and English). A cross-site scripting vulnerability exists in...
Simple Chat Cross-Site Scripting Vulnerability
Simple Chat is a PHP and MySQL based Web chat program. A cross-site scripting vulnerability exists in versions of Simple Chat prior to 2016/08/15. An attacker can exploit this vulnerability to execute arbitrary script code...
IBM BigFix Platform Cross-Site Scripting Vulnerability
IBM BigFix (formerly known as IBM Endpoint Manager, Tivoli Endpoint Manager) is a set of system management software from the American company IBM. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other function...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2016-06712)
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages (Chinese, Japanese, and English). A cross-site scripting vulnerability exists in...
simple chat vulnerable to cross-site scripting
Overview: simple chat provided by Let's PHP! contains a cross-site scripting vulnerability (CWE-79). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary...
Apache Ranger HTML Injection Vulnerability
Apache Ranger is the Apache Software Foundation's architecture for implementing comprehensive security measures for Hadoop clusters, providing centralized security policy management for core enterprise security requirements such as authorization, billing, and data protection. Apache Ranger has an...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2016-06551)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. A cross-site scripting vulnerability exists in IBM Maximo Asset Management versions 7.6, 7.5, and 7.1, which can be exploited by an attacker to execute arbitrary script code and steal...
Trend Micro WFBS Multiple Vulnerabilities
Trend Micro Worry-Free Business Security is prone to multiple vulnerabilities.
"Response request" function in Cybozu Garoon vulnerable to cross-site scripting
Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. "Response request" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated unde...
Trend Micro OfficeScan Path Traversal and HTTP Header Injection Vulnerability
Trend Micro OfficeScan is prone to a path traversal and HTTP header injection vulnerability.
ClipBucket cross-site scripting vulnerability (CNVD-2016-06481)
ClipBucket is an open source video sharing software developed by Arslan team. The software allows you to share videos to video sites and supports the lights off effect when watching a movie. ClipBucket suffers from a cross-site scripting vulnerability. Because the program fails to properly filter...
Geeklog IVYWE edition contains a cross-site scripting vulnerability
Overview: Geeklog is an open source content management system (CMS). Geeklog IVYWE edition contains a cross-site scripting (CWE-79) vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
ClipBucket vulnerable to cross-site scripting
Overview: ClipBucket is an open source video sharing script. ClipBucket contains a cross-site scripting (CWE-79) vulnerability. Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
Multiple HTML Injection Vulnerabilities in Fortinet FortiVoice
The Fortinet FortiVoice phone system is designed to provide a simple, affordable and user-friendly package for handling intelligent calls. Multiple HTML injection vulnerabilities exist in Fortinet FortiVoice. Because the program fails to properly filter user-supplied input, an attacker could...
Multiple HTML Injection Vulnerabilities in Fortinet FortiCloud
Fortinet FortiCloud is a hosted security management and log retention service for the FortiGate product line. Multiple HTML injection vulnerabilities exist in Fortinet FortiCloud. Because the program fails to properly filter user input, an attacker could exploit the vulnerabilities to execute...
Foreman HTML Injection Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman, which arises from the program's failure to adequately...
Red Hat Satellite HTML Injection Vulnerability
Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. An HTML injection vulnerability exists in Red Hat Satellite version 6, whi...