ERPNext 11.1.47 allows blog?blog_category= Frame Injection.
Overview : ERPNext 11.1.47 allows blog?blog_category= Frame Injection. Affected Product(s) : Affected Software: ERPNext Affected Versions: 11.1.47 Vulnerability Details : CVE ID
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71
Overview : Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1
Overview : Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update
LogicalDoc before 8.3.3 allows SQL Injection
Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability
Overview : Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted
Overview : SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID
cPanel before 84.0.20 allows a demo account to achieve remote code execution
Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks
Overview : OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image
Umbraco CMS 8.5.3 allows an authenticated file upload
Overview : Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation
Overview : Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.An information disclosure vulnerability has
cPanel before 82.0.18 Account bypass vulnerability
Overview : cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). Affected
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 SQL Injection Vulnerability
Overview : SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
Overview : A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server
Overview : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request
Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0
Overview : An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated
Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5
Overview : A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote,
TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server
Overview : The Spotfire library component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire
Apache ShardingSphere(incubator) deserialization vulnerability
Overview : In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere’s web console uses the SnakeYAML library for parsing YAML inputs
Puppet Server and PuppetDB may leak sensitive information via metrics API
Overview : Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this
vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020
Overview : An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated
Security issues for SAP products
Overview : Multiple issues was discovered in SAP products Affected Product(s) : SAP Solution Manager 720 SAP Enable Now before
Incorrect default permissions vulnerability in Dell Digital Delivery versions prior to 3.5.2015
[vc_row][vc_column][vc_column_text] Overview : Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged
Bot Detection
[vc_row][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text][/vc_column_text][/vc_column][vc_column width=”1/2″][vc_empty_space height=”15px”][vc_column_text] Bot Detection The Problems 20% of all web traffic is bad bots targeting APIs to