444 matches found
ZTE C520V21 Privilege Permission and Access Control Error Vulnerability
The ZTE C520V21 is a smart webcam from China's ZTE Corporation ZTE. A Permission Permission and Access Control Error vulnerability exists in the ZTE C520V21 version 2.1.14 and earlier versions, which can be exploited by an attacker to access other unauthorized files or resources by creating a URL...
CVE-2019-8995
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user...
February 19, 2019—KB4487029 (OS Build 17134.619)
February 19, 2019—KB4487029 OS Build 17134.619 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Enables media content to play e-learning content with plug and play USB adapter cables on...
December 11, 2018—KB4471324 (OS Build 17134.471)
December 11, 2018—KB4471324 OS Build 17134.471 Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...
Infraserver Directory Traversal Vulnerability
infraserver is a RESTful server. A directory traversal vulnerability exists in infraserver. An attacker can exploit this vulnerability to gain access to the file system by placing a '... /' sequence in a URL to gain access to the file system...
DEBIAN-CVE-2018-12564
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...
Cypserver Directory Traversal Vulnerability
cypserver is a static file server. A directory traversal vulnerability exists in cypserver. An attacker can exploit this vulnerability by placing "... /" in a URL to access the file system...
Easy Hosting Control Panel Cross-Site Scripting Vulnerability
Easy Hosting Control Panel EHCP is an open source hosting control panel that is used to manage domains, emails, ftp users and more. A cross-site scripting vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program failing to properly validate user input. A remote...
Ajenti Information Disclosure Vulnerability
Ajenti is a Web-based open source server management system developed by Belarusian software developer Eugene Pankov. The system comes with a variety of pre-built plug-ins for configuring and monitoring server software and services such as Apache, scheduled tasks Cron and so on. An information...
GHSA-HWHH-2FWM-CFGW Doorkeeper is vulnerable to stored XSS and code execution
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...
UBUNTU-CVE-2017-17521
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534...
PT-2017-14831 · Tin +2 · Tin +2
Name of the Vulnerable Software and Affected Versions: TIN version 2.4.1 Description: The issue concerns the tools/url handler.pl script in TIN, which does not validate strings before launching the program specified by the BROWSER environment variable. This might allow remote attackers to conduct...
Zhejiang Dahua Network Hard Disk Recorder DH-NVR2104HS-S1 has logical design loopholes
Zhejiang Dahua Network DVR DH-NVR2104HS-S1 is a network DVR that integrates 4-channel 10/100Mbps switch ports and supports 1080P HD real-time real-time preview and so on. A logical design vulnerability exists in the Zhejiang Dahua Network DVR DH-NVR2104HS-S1. An attacker can use the vulnerability...
DEBIAN-CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...
CVE-2017-16569
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...
Cisco WebExCisco WebEx Network Recording Player Buffer Overflow Vulnerability
Cisco WebEx Network Recording Player is a U.S. Cisco Cisco company based on the WebEx network recorder network recording file player. A buffer overflow vulnerability exists in Cisco WebEx Network Recording Player. An attacker can exploit this vulnerability by delivering a malicious ARF file to a...
How to Create Web Link for Specific Citrix Secure App in XenMobile Store
This article describes how to create web link for specific Citrix Secure App in XenMobile Store...
The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure
The vulnerability of the Mail component in the Mac OS X operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures through a specially crafted URL...
UBUNTU-CVE-2016-6191
Multiple cross-site scripting XSS vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 Description, 2 Location, 3 URL, or 4 Title field...
CVE-2016-0218
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...