3242 matches found
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
Embed Video Scripts - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Embed Video Scripts - Cross-site Script stored Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/...
Embed Video Scripts - Persistent Cross-Site Scripting
Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...
DEBIAN-CVE-2018-20671
loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...
UBUNTU-CVE-2018-20671
loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...
CVE-2018-20671
loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...
WebFairy Mediat 1.4.1 Cross Site Scripting
Exploit Title: Mediat 1.4.1 - Cross-site Script Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: http://webfairy.net/ Software Link: https://github.com/WebFairyNet/Mediat Demo Website:...
CVE-2018-20338
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section...
CVE-2018-19596
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506...
CVE-2018-19506
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...
Design/Logic Flaw
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...
CVE-2018-19506
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...
CVE-2018-19596
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506...
CVE-2018-19506
Zurmo 3.2.4 is identified as affected by an XSS vulnerability in the reports module. The issue arises when an admin uses the name parameter in the reports section (URI: app/index.php/reports/default/details?id=1), enabling script injection. The NVD entry for CVE-2018-19506 documents this XSS, wit...
CVE-2018-19506
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...
Moderate: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for th...
binutils: NULL pointer dereference in elf.c
The ignoresectionsym function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, does not validate the outputsection pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial o...