Cross site scripting
Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allow XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...
CVE-2020-7470
Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allow XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...
ROS communications-related packages input validation error vulnerability
ROS communications-related packages are packages related to ROS (Robot Operating System) communications. An input validation error vulnerability exists in parseOptions in the tools/rosbag/src/record.cpp file in ROS communications-related packages version 1.14.3 and earlier. The vulnerability stems...
GNU LibreDWG Double Release Vulnerability
GNU LibreDWG is a GNU Project C library for working with DWG files. A double release vulnerability exists in the 'dwgfree' function of the free.c file in GNU LibreDWG versions prior to 0.93. The vulnerability stems from mismanagement of system resources e.g., memory, disk space, files, etc. by a...
Design/Logic Flaw
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...
CVE-2014-8356
The CVE-2014-8356 issue affects Zhone zNID GPON 2426A and related 24xx/42xx/26xx/28xx-series devices, with firmware older than S3.0.501. The vulnerability arises from an Insecure Direct Object Reference that allows remote authenticated users to bypass access controls by altering server responses ...
CVE-2014-8356
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. Recent assessments: Assessed Attacker Value: 0...
Sophos Cyberoam firewall appliance shell injection vulnerability
Sophos Cyberoam firewall appliance is a firewall appliance from Sophos UK. CyberoamOS is the set of operating systems that run on it. A security vulnerability exists in the Sophos Cyberoam firewall appliance running CyberoamOS versions prior to 10.6.6 MR-6. The vulnerability can be exploited by an...
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
SQL injection
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
CVE-2019-17491
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemdescription parameter to web/admin/problem/create or web/polygon/problem/update...
CVE-2019-17493
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemsampleinput parameter to web/admin/problem/create or web/polygon/problem/update...
Design/Logic Flaw
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemdescription parameter to web/admin/problem/create or web/polygon/problem/update...
Design/Logic Flaw
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemsampleinput parameter to web/admin/problem/create or web/polygon/problem/update...
CVE-2019-17491
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemdescription parameter to web/admin/problem/create or web/polygon/problem/update...
CVE-2019-17491
Jiangnan Online Judge (jnoj) 0.8.0 is affected by a stored/reflected XSS in the Problem[description] parameter used by web/admin/problem/create and web/polygon/problem/update. The root cause is insufficient validation/escaping of client-side data in the web application, allowing injection of scri...
CVE-2019-17493
CVE-2019-17493 affects Jiangnan Online Judge (jnoj) 0.8.0. It has a cross-site scripting (XSS) vulnerability triggered by the Problem[sample_input] parameter in web/admin/problem/create or web/polygon/problem/update. Root cause per CNVD entry is lack of proper validation of client-side data. Impa...
[SECURITY] Fedora 31 Update: phpMyAdmin-4.9.1-1.fc31
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...