5308 matches found
CVE-2016-7074
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leadi...
Cybozu Garoon 3.5.0 - 4.6.2 Notification List SQLi Vulnerability
Cybozu Garoon is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cybozu:garoon";...
CVE-2017-7509
CVE-2017-7509 affects the Red Hat Certificate System prior to version 8.1.20-1. Root cause: input validation error in handling of client-provided certificates when the certreq field is missing, triggering an assertion error and causing a denial of service. Impact: denial of service with partial t...
Instagram-Clone Script Cross-Site Scripting Vulnerability
Instagram is a photo sharing app. Instagram Clone is an open source Instagram clone app for iOS, Android and Web. It provides customization features to integrate app ideas into the Instagram app. A cross-site scripting vulnerability exists in Instagram-Clone Script 2.0, which arises due to an input...
Cybozu Office 10.0.0 - 10.8.0 Multiple Vulnerabilities
Cybozu Office is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cybozu:office"; if(description)...
Canon PrintMe / EFI XSS Vulnerability
Canon PrintMe / EFI software is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This...
Input Validation Error Vulnerability in Various GE PACSystems Products
PACSystems RX3i CPE305/310, RX3i CPE330, RX3i CPE 400 are programmable automation controller products of GE. An input validation error vulnerability exists in various GE PACSystems products. The vulnerability stems from the device failing to properly validate inputs, allowing a remote attacker to...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-0289
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could...
Input validation
In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may...
CVE-2018-10591
In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may...
CVE-2018-10591
CVE-2018-10591 is an origin-validation error affecting the Advantech WebAccess family (WebAccess, Dashboard, Scada Node, NMS) prior to specific versions. The issue could let an attacker craft a malicious site, steal session cookies, and access data of authenticated users. Connected documents confirm ...
OMRON CX-One CX-FLnet Version and Node Name Heap-based Buffer Overflow (CVE-2018-8834)
A heap-based overflow exists in OMRON CX-One CX-FLnet module. The vulnerability is due to input validation error when processing Version and Node Name parameter of the FLN configuration file. A remote attacker could exploit these vulnerabilities by enticing a target user into opening a maliciousl...
Foxit Reader XFA Button Remote Code Execution Vulnerability (CNVD-2018-09950)
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the XFA Button element, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a failure to validate an object befor...
CVE-2018-9006
In Advanced SystemCare Ultimate 11.0.1.58, the driver file Monitorwin7x64.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004...
CVE-2018-0087
A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...
CVE-2018-7320
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets...
Tiki Wiki CMS Groupware Multiple Vulnerabilities (Feb 2018)
Tiki Wiki CMS Groupware is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...