22 matches found

Nuclei
added 5 days ago, 56 views

Intel Active Management - Authentication Bypass

Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision...

CVSS: 10 | AI score: 7.1 | EPSS: 0.94194
Exploits: 7 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-8087

Malware in sbrugna...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00356
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 7:17 p.m., 4 views

CVE-2021-23006

On all 7.x and 6.x versions fixed in 8.0.0, undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00351
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:00 p.m., 8 views

CVE-2009-1178

Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."...

CVSS: 10 | AI score: 6.7 | EPSS: 0.01088
Exploits: 0 | References: 1

ICS
added 2023/03/31 7:07 p.m., 44 views

Rockwell Automation ThinManager

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Path Traversal, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.71885
Exploits: 2 | References: 5

CNVD
added 2022/04/01 12:00 a.m., 18 views

RSA Archer Cross-Site Scripting Vulnerability (CNVD-2022-82254)

RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. A cross-site scripting vulnerability exists in Archer versions 6.x inclusive through 6.9.3.0 inclusive. A remote attacker could exploit the...

CVSS: 6.3 | AI score: 3.4 | EPSS: 0.0023
Exploits: 0 | References: 1

Cvelist
added 2021/03/31 4:45 p.m., 14 views

CVE-2021-22995

On all 7.x and 6.x versions fixed in 8.0.0, BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated...

AI score: 7.8 | EPSS: 0.0024
Exploits: 0 | References: 1

CNVD
added 2018/12/27 12:00 a.m., 2 views

MetInfo Cross-Site Scripting Vulnerability (CNVD-2019-03299)

MetInfo is a content management system (CMS) developed using PHP and MySQL by China Mito Information Technology Ltd. A cross-site scripting vulnerability exists in MetInfo versions 6.x to 6.1.3, which can be exploited by remote attackers to execute JavaScript code by sending the 'urlarray' paramete...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.0028
Exploits: 1 | References: 1

Prion
added 2018/10/17 6:29 p.m., 14 views

Cross site scripting

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.01145
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2018/08/29 1:29 p.m., 18 views

Design/Logic Flaw

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users...

CVSS: 4 | AI score: 6.5 | EPSS: 0.02594
Exploits: 0 | References: 7 | Affected Software: 2

OpenVAS
added 2018/07/20 12:00 a.m., 38 views

Microsoft PowerShell Core Security Feature Bypass Vulnerability (Jul 2018) - Linux

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8356. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00212
Exploits: 0 | References: 3

NVD
added 2018/01/05 4:29 p.m., 22 views

CVE-2014-8540

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.0032
Exploits: 0 | References: 5

OSV
added 2016/08/05 8:59 p.m., 0 views

UBUNTU-CVE-2016-3836

The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00105
Exploits: 0 | References: 4

OSV
added 2016/04/18 12:59 a.m., 1 views

UBUNTU-CVE-2016-0847

The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502...

CVSS: 8.4 | AI score: 7.2 | EPSS: 0.00024
Exploits: 0 | References: 5

NVD
added 2016/02/29 11:59 a.m., 6 views

CVE-2016-0225

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors...

CVSS: 4.9 | AI score: 4.6 | EPSS: 0.00155
Exploits: 0 | References: 2

CNVD
added 2015/11/19 12:00 a.m., 1 views

Drupal UC Profile Module Information Disclosure Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. UC Profile is one of the modules used to create and configure user profiles and files. An information disclosure vulnerability exists in the Drupal UC Profile module in versions 6.x-1.x...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.0025
Exploits: 0 | References: 1

Cvelist
added 2015/08/24 2:00 p.m., 24 views

CVE-2015-6660

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."...

AI score: 6.3 | EPSS: 0.00489
Exploits: 0 | References: 9

seebug.org
added 2014/01/07 12:00 a.m., 28 views

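Movable Type Rich Text Editor Script Injection Vulnerability

Movable Type is a web-based blogging system. Input entered through web pages is not filtered before it is displayed in the rich text editor. When the malicious data is viewed, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. The following products and versions are vulnerable: Movable Type Pro version 6.0 Movable Type Pro versions 5.2.x, 5.1x, and 5.0x Movable Type Open Source MTOS versions 5.2.x, 5.1x, and 5.0x Movable Type Advanced / Movable Type...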

AI score: 7.1
Exploits: 0

The Hacker News
added 2012/12/05 6:45 a.m., 40 views

Apache Tomcat Multiple Critical Vulnerabilities

Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x. Apache Tomcat vulnerabilities...

CVSS: 4.3 | AI score: 2.3 | EPSS: 0.2277
Exploits: 3

RedHat Linux
added 2012/02/22 5:02 a.m., 0 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...

CVSS: 5 | AI score: 6.1 | EPSS: 0.05319
Exploits: 0 | References: 4