319 matches found

CNVD
added 2019/02/13 12:0 a.m., 2 views

Stored Cross-Site Scripting Vulnerability in the Daimi CMS v6.0.5 da***.me***.php File

DAMI CMS is an all-in-one system for building PC and mobile websites. A stored cross-site scripting vulnerability exists in the Daimi CMS da.me.php file. An attacker can insert malicious JavaScript code into the page to obtain user cookies and other information, leading to user...

AI score 6.3
Exploits: 0

OSV
added 2018/12/14 12:29 a.m., 3 views

CVE-2018-6707

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent MA 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism...

CVSS 7, AI score 6.2, EPSS 0.00334
Exploits: 0, References: 2

CNVD
added 2018/12/10 12:0 a.m., 4 views

Digital Arts i-FILTER Cross-Site Scripting Vulnerability

Digital Arts i-FILTER is a server-based Web filtering software from Digital Arts Japan. The software is mainly used to monitor Web access and protect outbound and inbound traffic. A cross-site scripting vulnerability exists in Digital Arts i-FILTER 9.50R05 and earlier versions. A remote attacker...

CVSS 6.1, AI score 6.2, EPSS 0.00788
Exploits: 0, References: 1

OSV
added 2018/12/04 6:29 p.m., 0 views

CVE-2018-7956

Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 1

CNVD
added 2018/10/16 12:0 a.m., 3 views

IBM Rational Publishing Engine Cross-Site Scripting Vulnerability

IBM Rational Publishing Engine is a set of document automation solutions from IBM. The program can generate Rational product documentation, but also supports the choice of other vendors to generate documentation for the application. A cross-site scripting vulnerability exists in IBM Rational...

CVSS 5.4, AI score 5.5, EPSS 0.0066
Exploits: 0, References: 1

OSV
added 2018/10/12 11:29 a.m., 1 view

CVE-2018-1533

IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 5.4, AI score 5.4, EPSS 0.0066
Exploits: 0, References: 2

CNVD
added 2018/08/07 12:0 a.m., 1 view

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability

IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

CVSS 5.4, AI score 5.5, EPSS 0.00968
Exploits: 0, References: 1

CNVD
added 2018/07/10 12:0 a.m., 2 views

IBM Rational Quality Manager HTML Injection Vulnerability

IBM Rational Quality Manager RQM is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

CVSS 5.4, AI score 6, EPSS 0.00849
Exploits: 0, References: 1

CNVD
added 2018/07/10 12:0 a.m., 4 views

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-12873)

IBM Rational Quality Manager RQM is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

CVSS 5.4, AI score 5.5, EPSS 0.0066
Exploits: 0, References: 1

CNVD
added 2018/07/09 12:0 a.m., 2 views

IBM DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2018-12868)

IBM DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently and share unified user, server and...

CVSS 5.4, AI score 5.5, EPSS 0.00682
Exploits: 0, References: 1

CNVD
added 2018/07/05 12:0 a.m., 2 views

IBM RQM/RCLM Information Disclosure Vulnerability

IBM Rational Quality Manager is a Web-based collaborative quality management solution. IBM Rational Collaborative Lifecycle Management is an application lifecycle management solution. IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management versions 5.0-5.0.2 and 6.0-6.0.5...

CVSS 5.4, AI score 5.3, EPSS 0.0066
Exploits: 0, References: 1

CNVD
added 2018/07/05 12:0 a.m., 2 views

IBM RQM/RCLM Cross-Site Scripting Vulnerability (CNVD-2018-12619)

IBM Rational Quality Manager is a Web-based collaborative quality management solution. IBM Rational Collaborative Lifecycle Management is an application lifecycle management solution. A cross-site scripting vulnerability exists in the implementation of IBM Rational Quality Manager and IBM Rational...

CVSS 5.4, AI score 5.4, EPSS 0.00711
Exploits: 0, References: 1

CNVD
added 2018/07/05 12:0 a.m., 2 views

IBM RQM/RCLM Cross-Site Scripting Vulnerability (CNVD-2018-12633)

IBM Rational Quality Manager is a Web-based collaborative quality management solution. IBM Rational Collaborative Lifecycle Management is an application lifecycle management solution. A cross-site scripting vulnerability exists in the implementation of IBM Rational Quality Manager and IBM Rational...

CVSS 5.4, AI score 5.4, EPSS 0.0066
Exploits: 0, References: 1

OSV
added 2018/07/03 7:29 p.m., 4 views

CVE-2017-1316

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

CVSS 5.4, AI score 5.4, EPSS 0.00711
Exploits: 0, References: 2

OSV
added 2018/07/03 7:29 p.m., 4 views

CVE-2017-1281

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

CVSS 5.4, AI score 5.4, EPSS 0.00646
Exploits: 0, References: 2

CNVD
added 2018/06/08 12:0 a.m., 3 views

IBM Rhapsody Design Manager Information Disclosure Vulnerability

IBM Rhapsody Design Manager DM is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models, as well as software to automate design reviews. A security...

AI score 6.5
Exploits: 0, References: 1

CNVD
added 2018/05/31 12:0 a.m., 3 views

waterline-sequel SQL Injection Vulnerability

waterline-sequel is a helper library for generating SQL queries from the Waterline query language. A security vulnerability exists in waterline-sequel version 0.50. An attacker can exploit this vulnerability to inject and execute SQL statements to gain full access to the database...

CVSS 9.8, AI score 7.8, EPSS 0.01825
Exploits: 1, References: 1

RedHat Linux
added 2018/05/03 5:6 p.m., 3 views

spring-framework: Directory traversal vulnerability with static resources on Windows filesystems

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...

CVSS 5.9, AI score 7.4, EPSS 0.35681
Exploits: 1, References: 5

OSV
added 2018/04/06 1:29 p.m., 1 view

UBUNTU-CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8, AI score 7.7, EPSS 0.77245
Exploits: 5, References: 4

CNVD
added 2018/02/24 12:0 a.m., 1 view

FreeXL Heap Buffer Out-of-Bounds Read Vulnerability

FreeXL is an open source library for extracting valid data from Excel .xls spreadsheets developed by software developer Alessandro Furieri. A heap buffer out-of-bounds read vulnerability exists in the 'readminibiffnextrecord' function in versions of FreeXL prior to 1.0.5. An attacker could exploi...

CVSS 8.8, AI score 6.8, EPSS 0.0221
Exploits: 1, References: 1