
99 matches found

OSV
added 2019/09/15 2:45 p.m. | 10 views

MGASA-2019-0281 Updated webkit2 packages fix security vulnerabilities

Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644). Processing maliciously crafted web content may lead to universal...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.12955
Exploits: 7 | References: 5
Tenable Nessus
added 2019/08/20 12:0 a.m. | 29 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability (cisco-sa-20190703-esa-filterpass)

According to its self-reported version, Cisco Email Security Appliance (ESA) is affected by a vulnerability in the email message scanning of Cisco AsyncOS Software due to improper input validation of certain email fields. An unauthenticated, remote attacker can exploit this vulnerability by sending...

CVSS: 7.4 | AI score: 7 | EPSS: 0.0124
Exploits: 0 | References: 3
OSV
added 2019/07/06 2:15 a.m. | 2 views

CVE-2019-1933

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...

CVSS: 7.4 | AI score: 7
Exploits: 0 | References: 1
NVD
added 2019/07/06 2:15 a.m. | 29 views

CVE-2019-1933

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...

CVSS: 7.4 | AI score: 6.4 | EPSS: 0.0124
Exploits: 0 | References: 1
Prion
added 2019/07/06 2:15 a.m. | 12 views

Input validation

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.0124
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/07/06 1:30 a.m. | 23 views

CVE-2019-1933 Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...

CVSS: 5.8 | AI score: 7.4 | EPSS: 0.0124
Exploits: 0 | References: 1
Vulnrichment
added 2019/07/06 1:30 a.m. | 7 views

CVE-2019-1933 Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...

CVSS: 5.8 | AI score: 7.3 | EPSS: 0.0124
Exploits: 0 | References: 1
Veracode
added 2019/05/16 2:19 a.m. | 17 views

Cross-Site Scripting (XSS)

Foreman is vulnerable to cross-site scripting (XSS) attacks. A remote attacker could exploit a flaw in the web interface component. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.03213
Exploits: 0 | References: 106 | Affected Software: 53
Prion
added 2018/08/01 1:29 p.m. | 15 views

Cross site scripting

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.0116
Exploits: 0 | References: 5 | Affected Software: 3
OSV
added 2018/08/01 1:29 p.m. | 22 views

CVE-2016-8639

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.0116
Exploits: 0 | References: 5
Packet Storm
added 2017/03/03 12:0 a.m. | 45 views

WordPress Popup By Supsystic 1.7.6 Cross Site Request Forgery

Popup by Supsystic WordPress plugin vulnerable to Cross-Site Request Forgery. Radjnies Bhansingh, July 2016...

AI score: 7.4
Exploits: 0
0day.today
added 2017/03/01 12:0 a.m. | 50 views

WordPress Popup by Supsystic 1.7.6 Plugin - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications. Source: https://sumofpwn.nl/advisory/2016/popupbysupsysticwordpresspluginvulnerabletocrosssiterequestforgery.html Abstract: A Cross-site Request Forgery vulnerability exists in the Popup by Supsystic WordPress Plugin. This vulnerability allow...

AI score: 7.1
Exploits: 0
0day.today
added 2016/11/29 12:0 a.m. | 29 views

WordPress Insert Html Snippet 1.2 Cross Site Request Forgery Vulnerability

WordPress Insert Html Snippet plugin version 1.2 suffers from a cross site request forgery vulnerability. Cross-Site Request Forgery in Insert Html Snippet WordPress Plugin...

AI score: 7
Exploits: 0
RedhatCVE
added 2016/11/09 10:17 a.m. | 31 views

CVE-2016-8639

It was found that foreman is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.0116
Exploits: 0 | References: 1
Tenable Nessus
added 2016/07/11 12:0 a.m. | 73 views

ManageEngine ADSelfService Plus < 5.3 Build 5313 PasswordSelfServiceAPI XSS

The ManageEngine ADSelfService Plus application running on the remote host is affected by a cross-site scripting (XSS) vulnerability in PasswordSelfServiceAPI due to improper sanitization of user-supplied input to the 'PSSOPERATION' parameter. An unauthenticated, remote attacker can exploit this, v...

AI score: 5.2
Exploits: 0 | References: 2
Packet Storm
added 2016/06/21 12:0 a.m. | 31 views

sNews CMS 1.7.1 CSRF / Cross Site Scripting / Code Execution

Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt; ISR: APPARITIONSEC; Vendor: snewscms.com; Product: sNews CMS v1.7.1; Vulnerability Type: Persistent...

Exploits: 0
CNVD
added 2016/04/14 12:0 a.m. | 0 views

InstantCoder v1.0 iOS has multiple vulnerabilities

InstantCoder v1.0 iOS suffers from local file inclusion and directory traversal vulnerabilities. (1) A remote attacker is able to include file/path requests without authentication. An attacker could also execute malicious attacks using persistent injection scripting code. (2) The vulnerability stems...

AI score: 7
Exploits: 0 | References: 1
Packet Storm
added 2015/03/20 12:0 a.m. | 37 views

EMC M&R (Watch4net) Alerting Frontend XSS

Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend. Han Sahin, November 2014...

CVSS: 3.5 | AI score: 6.4 | EPSS: 0.01585
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

Imatix Xitami 2.5 GSL Template Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5025/info Imatix Xitami is a webserver for Microsoft Windows operating systems. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. Xitami fails to check URLs for...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

NullLogic Null HTTPd 0.5 Error Page Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5603/info NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an...

AI score: 7.1
Exploits: 0