OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03047)
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via a task...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via a task...
IBM MQ 8.0 <= 8.0.0.10 / 9.0.1 <= 9.0.5 CD / 9.0 <= 9.0.0.5 LTS / 9.1 <= 9.1.0.0 LTS (734297)
The version of IBM MQ Server running on the remote host is affected by a vulnerability. IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error in MQTT topic string publishing that can cause a denial of service. IBM X-Force ID: 145456. Note that Nessus has not tested for this issue but...
activemq: remote XSS in web console diagram plugin
A flaw was found in activemq. A specially crafted MQTT packet carrying an XSS payload as the client-id or topic name triggers this vulnerability; the payload is injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info...
F5 Networks BIG-IP : BIG-IP MQTT iRule vulnerability (K62830532)
When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, and an iRule performs manipulations on that traffic, TMM may produce a core file. CVE-2020-5935 Impact The Traffic Management Microkernel (TMM) may generate a core file and restart, causing a high...
CVE-2020-14194
Zulip Server before 2.1.5 allows reverse tabnabbing via a topic header link...
OPENSUSE-SU-2020:1141-1 Security update for targetcli-fb
This update for targetcli-fb fixes the following issues: - CVE-2020-13867: Fixed the permissions in /etc/target (bsc#1172743) This update was imported from the SUSE:SLE-15-SP1:Update update project...
PT-2020-13788
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Artemis versions 2.5.0 through 2.13.0 Description A specially crafted MQTT packet with an XSS payload as client-id or topic name can exploit this issue. The XSS payload is injected into the admin console's browser and is...
GHSA-5X3V-2GXR-59M2 Directory traversal in Apache RocketMQ
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...
Directory Traversal
rocketmq-broker is vulnerable to directory traversal. Automatic topic creation, which is enabled by default, allows a topic whose name contains ../ sequences to be created as a folder. This results in arbitrary directories being written under the parent directories, potentially overwriting existing folders...
Directory traversal
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...
Denial Of Service (DoS)
mosquitto is vulnerable to denial of service (DoS). The vulnerability exists in Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive: if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a...
Denial Of Service (DoS)
Eclipse Mosquitto is vulnerable to denial of service (DoS). It is possible when a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, leading to an unreachable assert and quitting the Mosquitto...
Seeing Book Shelves on Virtual Calls
I have a confession... for me, the best part of virtual calls, or seeing any reporter or commentator working from home, is being able to check out their book shelves. I never use computer video, because I want to preserve the world's bandwidth. That means I don't share what my book shelves look li...
Eclipse Mosquitto Denial Of Service (CVE-2019-11779)
A stack overflow exists in Eclipse Mosquitto. The vulnerability is due to insufficient handling of the Topic in MQTT SUBSCRIBE messages. A remote attacker can exploit this vulnerability by sending a crafted MQTT SUBSCRIBE message with a large number of topic hierarchy separators in the topic...
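The RocketMQ, Mosquitto and ActiveMQ/Artemis hits above share one root cause: a client-supplied MQTT topic name (or client-id) reaches the filesystem, the subscription tree or the admin console without being validated or encoded. The following Python is an added example, not code from any of the listed projects, showing the checks a broker-side topic handler would apply against those four failure modes. The depth cap (MAX_LEVELS), the accepted '$' prefixes, and the one-directory-per-level store layout are assumptions chosen for illustration; the sample topics are constructed from the advisory texts.

```python
"""Constructed example: validating and encoding MQTT topic names before they are
used as directory names, walked as a hierarchy, or rendered in an admin console.

Failure modes modelled on the search results above:
  - RocketMQ 4.2.0-4.6.0: a topic such as "../../../../topic2020" is used as a
    folder name and escapes the broker's store directory (directory traversal).
  - Mosquitto CVE-2019-11779: a SUBSCRIBE topic made of ~65400 '/' separators
    drives recursion over the hierarchy deep enough to overflow the stack.
  - Mosquitto: a PUBLISH to a '$'-prefixed topic that is not '$SYS' reaches an
    unreachable assert and the broker exits.
  - ActiveMQ/Artemis: an XSS payload in a topic name or client-id is rendered
    unescaped in the admin console's diagram plugin.
"""
import html
import os

MAX_TOPIC_BYTES = 65535            # MQTT limit on a UTF-8 encoded string
MAX_LEVELS = 64                    # ASSUMPTION: policy cap on hierarchy depth
ALLOWED_DOLLAR_PREFIXES = ("$SYS/", "$share/")   # ASSUMPTION: the only '$' trees served


class TopicError(ValueError):
    """Raised for a topic that must be rejected before any further processing."""


def validate_topic(topic: str, *, for_publish: bool) -> list[str]:
    """Return the topic split into hierarchy levels, or raise TopicError.

    for_publish=True applies the stricter PUBLISH rules (no wildcards,
    no client-originated '$' topics outside the allowed trees).
    """
    if not topic or len(topic.encode("utf-8")) > MAX_TOPIC_BYTES:
        raise TopicError("empty or oversized topic")
    if "\x00" in topic:
        raise TopicError("NUL byte in topic")

    levels = topic.split("/")
    # Bound the depth so a separator flood cannot drive deep recursion later.
    if len(levels) - 1 > MAX_LEVELS:
        raise TopicError(f"too many hierarchy levels ({len(levels) - 1} > {MAX_LEVELS})")

    # Reserved '$' namespace: only the trees this broker actually implements.
    if topic.startswith("$") and not topic.startswith(ALLOWED_DOLLAR_PREFIXES):
        raise TopicError("unsupported reserved topic")

    for lvl in levels:
        # Path-like components must never be accepted as hierarchy levels.
        if lvl in (".", "..") or "\\" in lvl:
            raise TopicError(f"path-like level {lvl!r}")
        # Wildcards are filter syntax; they are invalid in a PUBLISH topic.
        if for_publish and ("+" in lvl or "#" in lvl):
            raise TopicError("wildcard in publish topic")
    return levels


def is_acceptable(topic: str, *, for_publish: bool) -> bool:
    """Boolean wrapper around validate_topic for callers that only need yes/no."""
    try:
        validate_topic(topic, for_publish=for_publish)
        return True
    except TopicError:
        return False


def topic_store_path(store_root: str, topic: str) -> str:
    """Map a topic to a directory under store_root, one directory per level.

    Validation already rejects '..', but the containment check below is kept
    as defence in depth so no future change to the mapping can escape the root.
    """
    levels = validate_topic(topic, for_publish=True)
    if any(lvl == "" for lvl in levels):
        raise TopicError("empty level cannot be a directory name")
    root = os.path.realpath(store_root)
    path = os.path.realpath(os.path.join(root, *levels))
    if os.path.commonpath([root, path]) != root:
        raise TopicError("topic resolves outside the store root")
    return path


def render_for_console(value: str) -> str:
    """HTML-encode a topic name or client-id before it reaches an admin page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed inputs taken from the advisory descriptions.
    for t in ["sensors/room1/temp", "../../../../topic2020", "/" * 65400, "$test/test"]:
        print(f"{t[:40]!r:45} publish ok={is_acceptable(t, for_publish=True)} "
              f"subscribe ok={is_acceptable(t, for_publish=False)}")
    print(render_for_console('<script>alert(1)</script>'))
```

A store-side `commonpath` check alone would have stopped the RocketMQ traversal, but it does nothing for the separator flood or the reserved-topic assert, which is why the validator runs first and rejects on structure rather than trying to canonicalise bad input into something usable.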
Dolibarr Cross-Site Scripting Vulnerability (CNVD-2020-10498)
Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM), as well as applications for other different activities. A...
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
Design/Logic Flaw
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
UBUNTU-CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...