6716 matches found
Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"
Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Cybozu KUNAI for Android vulnerable to cross-site scripting
Overview Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...
Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep the GC roots the vectors representing the JS stack as well as a few other hardcoded objects, traversing reachable...
WebKit FrameLoader::clear Variable Theft
WebKit: Stealing variables via page navigation in FrameLoader::clear CVE-2017-2515 void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; mneedsClear = false; if...
WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation
pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; window.onclick = =...
Pi Engine Cross-Site Scripting Vulnerability
PI Engine is an open-source CMS system that is more widely used within some Internet companies. A cross-site scripting vulnerability exists in PI Engine, which stems from the program failing to properly validate user-supplied input. When an unsuspecting user browses the affected site, an attacker...
Multiple vulnerabilities in FortiPortal (CNVD-2017-10722)
FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-08125)
IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Curam Social Program Management suffers from a cross-site scripting vulnerability that originates from the program faili...
NetComm NB16WV-02 HTML Injection Vulnerability
The NetComm NB16WV-02 is a router product from NetComm Australia. The NetComm NB16WV-02 suffers from an HTML injection vulnerability that originates when a program fails to properly validate user-supplied input. When an unknowing user browses the affected site, an attacker could exploit the...
SAP Enterprise Portal Cross-Site Scripting Vulnerability
SAP Enterprise Portal is a set of enterprise portal based on NetWeaver system platform developed by SAP, which contains content management, single sign-on, knowledge management, collaborative work, full-text search and other modules. A cross-site scripting vulnerability exists in SAP Enterprise...
Multiple vulnerabilities in FortiPortal (CNVD-2017-10727)
FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...
Multiple vulnerabilities in FortiPortal (CNVD-2017-10725)
FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...
Multiple vulnerabilities in FortiPortal (CNVD-2017-10723)
FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...
Multiple vulnerabilities in FortiPortal
FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...
Multiple vulnerabilities in FortiPortal (CNVD-2017-10726)
FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...
Pivotal RabbitMQ Product Cross-Site Scripting Vulnerability
Pivotal RabbitMQ and RabbitMQ for PCF are both products of the American company Pivotal Software. The former is a set of open source message broker software that implements the Advanced Message Queuing Protocol AMQP, and the latter is an open source messaging server used to support data monitorin...
JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Empirical Project Monitor - eXtended The...
Simple Snort Installation: Snorter
Simple Snort Installation Tricky script which mades Snort installation simply as a script execution is. The script installs: Snort : Open Source IDS. Barnyard2 : Interpreter for Snort unified2 binary output files. PulledPork : Snort rule management. WebSnort : Web Interface for PCAP analysis...
Design/Logic Flaw
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...
CVE-2017-6250
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...