20 matches found
CVE-2024-39174
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article...
CVE-2024-39174
CVE-2024-39174 affects yzmcms v7.1, where the Publish Article function is vulnerable to cross-site scripting (XSS) via a crafted payload injected into a published article. The issue is described consistently across sources (RH, NVD, OSV, CNNVD, CVE listings) as a reflected/stored-style XSS vulner...
CVE-2023-41570
Affected product/versions: MikroTik RouterOS 7.1–7.11. Vulnerability: Incorrect REST API access control mechanisms, enabling potential unauthorized information disclosure. Root cause: improper access control in the REST API. Impact: Network-exposed vulnerability with high confidentiality impact; ...
CVE-2020-21088
X2engine/X2CRM 7.1 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that allows remote attackers to obtain sensitive information by injecting arbitrary script/HTML through the First Name and Last Name fields on the /index.php/contacts/create page. Root cause is untrusted inp...
CVE-2021-30055
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'paryear' parameter when running a report...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by an error within the tracing functionality. (CVE-2019-4491)
Summary: An error was found within the IBM MQ tracing functionality that would allow an attacker to execute a denial of service attack against IBM MQ. Vulnerability Details: CVEID: CVE-2019-4491 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error within the tracing...
Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by a memory leak in the clustering code. (CVE-2019-4141)
Summary: A vulnerability was found in the clustering code that caused a memory leak. This could be exploited by an attacker to execute a denial of service attack against a queue manager. Vulnerability Details: CVEID: CVE-2019-4141 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caus...
Security Bulletin: OpenSource Apache Taglibs Vulnerability in FastBack for Workstations Central Administration Console (CVE-2015-0254)
Summary: There is a vulnerability in FastBack for Workstations Central Administration Console in the underlying IBM WebSphere Application Server with the Apache Standard Taglibs which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details: CVEID:...
Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM QRadar SIEM (CVE-2014-0114)
Summary: There is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM QRadar Security Information and Event Manager (SIEM). Vulnerability Details: CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, cause...
Security Bulletin: IBM MQ Invalid channel protocol flows cause denial of service on HP-UX (CVE-2016-8915)
Summary: An invalid TSH flow could result in the termination of any channels running on threads within the same responding MCA process on the HP-UX platform. Vulnerability Details: CVEID: CVE-2016-8915 DESCRIPTION: For an authenticated user with access to the queue manager and queue, IBM MQ might...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM WebSphere MQ (CVE-2015-2808)
Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere MQ. Vulnerability Details: CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Message Broker shipped with WebSphere Remote Server
Summary: WebSphere Message Broker is shipped as a component of WebSphere Remote Server. Information about multiple security vulnerabilities affecting WebSphere Message Broker has been published in a security bulletin. Vulnerability Details: For vulnerability details, see the security bulletin...
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE
Summary: This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...
SQL injection
Zenario v7.1 - v7.6 has SQL injection via the Name input field of organizer.php or adminboxes.ajax.php in the Categories - Edit module...
CVE-2018-5960
Zenario v7.1 - v7.6 has SQL injection via the Name input field of organizer.php or adminboxes.ajax.php in the Categories - Edit module...
Cisco Nexus 5000 Series Switches NX-OS System Software Command Injection Vulnerability
Cisco Nexus 5000 Series Switches are the Cisco Nexus series of data center-class switches from Cisco, Inc. Cisco NX-OS System Software is the data center operating system that runs on them. A command injection vulnerability exists in the CLI of Cisco NX-OS System Software versions 7.1 through 7.3 ...
InduSoft Web Studio < v7.1 + SP2 + P2 Security System Vulnerability
Binary data 8260.prm...
Enterpriser16 LB 7.1 Cross Site Scripting
Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: 2012-12-12 References: http://www.vulnerability-lab.com/getcontent.php?id=785 VL-ID: 785 Common Vulnerability Scoring System: 3.5 Introduction: Load...
Siemens SIMATIC STEP 7 DLL Vulnerability
Overview: Siemens has released a software update for a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. Previous versions of SIMATIC STEP 7 and PCS 7 allowed the loading of malicious DLL files into the STEP 7 project folder that can be used to attack the system on which ST...
NSOADV-2009-003: Websense Email Security Cross Site Scripting
Security Advisory NSOADV-2009-003 Title: Websense Email Security Cross Site Scripting Severity: Low Advisory ID: NSOADV-2009-003 Found Date: 28.09.2009 Date Reported: 01.10.2009 Release Date: 20.10.2009 Author: Nikolas Sotiriu Mail: nso-research at sotiriu.de URL:...