65 matches found
Chadha PHPKB cross-site scripting vulnerability (CNVD-2020-17364)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language version 9...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17136)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-17946)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-18160)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-18661)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17140)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-18657)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-17955)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha PHPKB Standard...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17155)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-17948)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...
CVE-2019-8458
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software...
DJI Patches Forum Bug That Allowed Drone Account Takeovers
Leading commercial drone maker DJI patched a cross-site scripting bug impacting its forums that could have allowed a hacker to hijack user accounts and gain access to sensitive online data, ranging from flight images, bank card data, flight records and even real time camera images. The...
Critical Out-of-Band Patch Issued for Adobe Acrobat Reader
Adobe released patches for seven flaws in an unscheduled update for its Acrobat Reader and DC product, which could lead to arbitrary code execution. The patches, released Wednesday, come one week after Adobe’s regularly-scheduled September update. The flaws addressed include one “critical”...
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-308-02A Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 22, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of a public report of resource consumption...
Jkanime Site Infected, Redirecting to Exploit Kit, Ransomware
An anime site popular in Mexico and South America was this week infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors. Neutrino is currently the top dog among exploit kits after two of the bigg...
Nuclear, Angler Exploit Kit Activity Has Disappeared
Criminal hackers are fickle about their attack vectors. You need to look no further for evidence of this than their constant migration from one exploit kit to another. And while there is an expansive menu of exploit kits, attackers do seem to congregate around a precious few. Researchers who stud...
Debian DSA-3183-1 : movabletype-opensource - security update
Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...
Debian Security Advisory DSA 3183-1 (movabletype-opensource - security update)
Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...
Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Overview A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances. Description CWE-122: Heap-based Buffer Overflow From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an...
Bugzilla Vulnerability Exposes Bug Collections
Hundreds of open source software projects that make use of Bugzilla, Mozilla’s bug-tracking software, anxiously await a patch for a vulnerability that exposes private bugs collected by the system. Mozilla is today expected to make available a patch for the vulnerability in its account creation...