88 matches found
CVE-2017-0888
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...
Cross site scripting
An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting...
Content-Spoofing in "files" app (NC-SA-2017-006)
The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...
Content-Spoofing in "dav" app - ownCloud
The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. Affected Software ownCloud Server 9.1.2 CVE-2016-???? core/96b8afe48570bc70088ccd8f897e9d71997d336e ownCloud Server 9.0.6 CVE-2016-????...
Server: Content-Spoofing in "dav" app
The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
ILas图书馆自动化集成系统 NTReaderCritic.aspx等2处 时间盲注漏洞
0x01漏洞简介 ILas图书馆自动化集成系统在NTReaderCritic.aspx和NTUniBookRetrInfo.aspx两个页面存在时间延迟注入漏洞。 0x02漏洞详情 NTReaderCritic.aspx sqlmap -u ".../NTReaderCritic.aspx?strRenco=1&strTitle=1" 相关代码如下: protected void PageLoadobject sender, EventArgs e if !base.IsPostBack if base.Request.QueryString"strRenco" != null &&...
FreeBSD : rabbitmq -- Security issues in management plugin (8469d41c-a960-11e4-b18e-bcaec55be5e5)
The RabbitMQ project reports : Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI : - When a user unqueued a message from the management UI, message details header names, arguments, etc. were displayed unescaped. An attacker coul...