EUVD-2019-16967

Malware in sbrugna...

CVE-2024-23060

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function...

RUSTSEC-2020-0001 Stack overflow when resolving additional records from MX or SRV null targets

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'. Example effected zone record: text no-service...

Juniper ATP Cross-Site Scripting Vulnerability (CNVD-2019-24385)

Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A cross-site scripting vulnerability exists in the Zone configuration in Juniper ATP...

CVE-2019-0026

A persistent cross-site scripting XSS vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...

CVE-2019-0026

A persistent cross-site scripting XSS vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...

Cross site scripting

A persistent cross-site scripting XSS vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...

CVE-2019-0026 Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration

A persistent cross-site scripting XSS vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...

CVE-2017-15093

When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...

Design/Logic Flaw

The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy...

Vulnerability in IE/Outlook ActiveX control

-----BEGIN PGP SIGNED MESSAGE----- Microsoft alerted me to a new vulnerability discovered by Georgi Guninski and now posted publicly. The vulnerability involves an ActiveX control that is installed by a variety of software, including Office/Outlook XP. The control exposes a method which should no...