20 matches found
[SECURITY] [DLA 2159-1] okular security update
Package : okular Version : 4:4.14.2-2+deb8u2 CVE ID : CVE-2020-9359 Debian Bug : 954891 Mickael Karatekin from Sysdream Labs discovered that the Okular document viewer allows code execution via an action link in a PDF document. For Debian 8 "Jessie", this problem has been fixed in version...
Zimbra Collaboration Cross Site Scripting
CVE-2018-14013 Reflected Cross-Site Scripting XSS vulnerabilities in Zimbra Collaboration Description Two XSS vulnerabilities have been discovered in Zimbra Collaboration initially in version 8.8.8. Zimbra Collaboration is an open source messaging and collaboration solution. Vulnerability records...
AudioCode 400HD Cross Site scripting
CVE-2018-10091 Stored XSS vulnerabilities in AudioCode IP phones Description The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. Most of user inputs in the CG...
AudioCode 400HD Remote Command Injection
CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation
UCOPIA Wireless Appliance 5.1.8 - Local Privilege Escalation CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA...
UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape
CVE-2017-11321 UCOPIA Wireless Appliance You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then execute the interface command. By logging in within these...
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation
CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners...
UCOPIA Wireless Appliance 5.1.8 - Restricted Shell Escape
UCOPIA Wireless Appliance 5.1.8 - Restricted Shell Escape CVE-2017-11321 UCOPIA Wireless Appliance You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then...
UCOPIA Wireless Appliance Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions...
UCOPIA Wireless Appliance Privilege Escalation
CVE-2017-11322 UCOPIA Wireless Appliance 5.1.8 Privileges Escalation Asset description UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers. More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners...
UCOPIA Wireless Appliance Restricted Shell Escape
CVE-2017-11321 UCOPIA Wireless Appliance You can also retrieve the IP address of the outgoing interface. For this, you need to log in to the terminal of the virtual machine with the following username and password: admin/bhu85tgb, and then execute the interface command. By logging in within these...
PhpCollab 2.5.1 Shell Upload
CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not correctly filter uploaded file contents. An...
Debian DLA-695-1 : spip security update
Multiple vulnerabilities have been discovered in SPIP, a website engine for publishing written in PHP. CVE-2016-7980 Nicolas Chatelain of Sysdream Labs discovered a cross-site request forgery CSRF vulnerability in the validerxml action of SPIP. This allows remote attackers to make use of potentia...
SPIP 3.1.2 Server Side Request Forgery
SPIP 3.1.2 Server Side Request Forgery CVE-2016-7999 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. Vulnerability Description It...
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free...
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence...
SPIP 3.1.2 - Cross-Site Request Forgery
SPIP 3.1.2 Exec Code Cross-Site Request Forgery CVE-2016-7980 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. Vulnerability...
SPIP 3.1.2 Cross Site Request Forgery
SPIP 3.1.2 Exec Code Cross-Site Request Forgery CVE-2016-7980 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. Vulnerability...
Google.fr Cross Site Scripting
Cross-site scripting vulnerability found on www.google.fr We were able to identify a cross-site scripting XSS vulnerability in the main domain of Google: www.google.fr. Description Cross-site scripting is a kind of vulnerability that allows an attacker to send malicious code, usually in the form ...
Zimbra 8.0.9 GA Cross Site Request Forgery
====================================== Multiple CSRF in Zimbra Mail interface ====================================== CVE-2015-6541 Description =========== Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA Release, enabling to change account preferences like...