WordPress Cartogiraffe Map 1.0 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Cartogiraffe Map Plugin 1.0. Cartogiraffe Map Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
WordPress Secure HTML5 Video Player 3.14 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Secure HTML5 Video Player Plugin 3.14. Secure HTML5 Video Player Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issu...
WordPress Duplicator Migration 1.2.28 Cross Site Scripting Vulnerability
WordPress Duplicator Migration plugin version 1.2.28 suffers from a cross site scripting vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Duplicator a WordPress Migration Plugin 1.2.28. Duplicator a WordPress Migration Plugin is prone to a stored cross-site...
WordPress Duplicator Migration 1.2.28 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Duplicator a WordPress Migration Plugin 1.2.28. Duplicator a WordPress Migration Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may...
The vulnerability of the Locator/ID Separation (LISP) protocol implementation in Cisco IOS allows a hacker to bypass the authentication process.
The vulnerability in the Locator/ID Separation (LISP) protocol implementation in Cisco IOS is caused by a logic error in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process by using special registration requests that trigg...
WordPress Pootle Button 1.1.1 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Reflected: Yes. Credit: Ricardo Sanchez. Vulnerable: Pootle button plugin 1.1.1. Pootle button plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Buffer overflow
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in wlanhddcfg80211doacs which can potentially lead to a buffer overread...
KLA11120 DoS vulnerability in Wireshark 2.0.x
A string validation error was found in the DMP dissector in Wireshark 2.0.x. This vulnerability can be exploited remotely via a malformed packet to cause a denial of service. Original advisories: CVE-2017-15191. Related products: Wireshark. CVE list: CVE-2017-15191 (warning). Solution: Update to the latest...
Solarwinds LEM Insecure Update Process
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Multiple Affected Version: Multiple Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control, CWE-346: Origin Validation Error Impact: Counterfeit Product Downloads Attack vector: HTTP 2. Vulnerability...
WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting Vulnerability
WordPress 2kb Amazon Affiliates Store plugin versions 2.1.0 and below suffer from a cross site scripting vulnerability. Class: Input Validation Error. CVE: none given. Remote: Yes. Reflected: Yes. Credit: rsanchezr. Vulnerable: 2kb amazon...
WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting
Class: Input Validation Error. CVE: none given. Remote: Yes. Reflected: Yes. Credit: rsanchezr. Vulnerable: 2kb amazon affiliates store WP plugin. 2kb amazon affiliates store WP plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...
SUSE / Portus 2.2 Cross Site Scripting Vulnerability
SUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability. Class: Input Validation Error. Remote: Yes. Stored: Yes. Credit: rsanchezr. Vulnerable: SUSE/Portus 2.2 - https://github.com/SUSE/Portus. Portus 2.2 is prone to a cross-site scripting vulnerability because it fails to...
SUSE/Portus 2.2 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Stored: Yes. Credit: rsanchezr. Vulnerable: SUSE/Portus 2.2 - https://github.com/SUSE/Portus. Portus 2.2 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
GLSA-201709-04 : mod_gnutls: Certificate validation error
The remote host is affected by the vulnerability described in GLSA-201709-04 (mod_gnutls: Certificate validation error). It was discovered that the authentication hook in mod_gnutls does not validate clients' certificates even when option GnuTLSClientVerify is set to require. Impact: A remote attacker...
Cybozu Garoon 3.0.0 - 4.2.5 Multiple XSS Vulnerabilities
Cybozu Garoon is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Google Chrome < 60.0.3112.78 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 60.0.3112.78. It is, therefore, affected by multiple vulnerabilities as referenced in the 201707stable-channel-update-for-desktop advisory. - An issue was discovered in certain Apple products. iOS before 10.3.2 is...
Foxit PhantomPDF Arbitrary Write RCE Vulnerability - Windows
Foxit PhantomPDF is prone to an arbitrary write vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
HPE Intelligent Management Center dbman RestartDB Command Injection (CVE-2017-5816)
A command injection vulnerability exists in the dbman component of HPE Intelligent Management Center. The vulnerability is due to improper validation of the dbInstance parameter when handling RestartDB commands. A remote, unauthenticated attacker can exploit the vulnerability by sending a...
IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow (CVE-2017-1092)
A heap buffer overflow exists in IBM's Informix Dynamic Server and Informix Open Admin Tool. The vulnerability is due to an input validation error when processing requests sent to index.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request...
CVE-2017-9599
The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...