LiveZilla blind Javascript Injection – Cross Site Scripting (XSS)
Overview : An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in
Google Chrome Marks ICICI Bank’s Banking site as Unsafe – Attack or False Positive?
Google chrome’s anti-phishing algorithms show false positives? While trying to login to the internet banking website of India’s No:1 Private
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83
Overview : A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have
Wolf CMS versions 0.75 and below suffer from a persistent cross site scripting vulnerability
Overview : A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web
Security Notice for CA Unified Infrastructure Management
Overview : Multiple issues was discovered in CA Unified Infrastructure Management Affected Product(s) : UIM product versions 9.20 and below
Multiple SQL injection vulnerabilities in D-Link DSR-Routers
Overview : Multiple SQL injection vulnerabilities in D-Link DSR Routers Affected Product(s) : D-Link DSR-150 (Firmware < v1.08B44) D-Link DSR-150N
Vtiger CRM <= 6.3 Authenticated Remote Code Execution
Overview : Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code
Improper access control checks for Nextcloud Server
Overview : A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of
Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities
Overview : Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers
Multiple Vulnerabilities on HashiCorp Consul
Overview : HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities Affected Product(s) : This vulnerability
Denial of Service vuln in web UI of Cisco Small Business Switches
Overview : A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to
XSS in WordPress Elementor Plugin 2.8.4
Overview : The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These
Disclosure of Private Merge Requests and Issues via Elasticsearch integration
Overview : An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE)
Potential CRLF injection attacks in Zend_Mail
Overview : CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1
D-Link DSR-250N Persistent Root Access
Overview : D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin
Persistent XSS vulnerability in filename of attached file in PrivateBin
Overview : PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2 has an Arbitrary File Upload Vulnerability Affected Product(s) :
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
Overview : Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability Affected Product(s) : Prizm Content Connect 5.1 Vulnerability
Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504 is on authentication bypass vuln
Overview : An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript
Multiple vulnerabilities in IBM QRadar SIEM
Overview : Multiple security vulnerabilities have been fixed and delivered in IBM products. Affected Product(s) : IBM QRadar SIEM 7.3.0
Pearson eSIS message board has stored XSS vuln
Overview : Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input
A Cross-Site Scripting (XSS) vulnerability exists in Freebox OS Web interface 3.0.2
Overview : A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in
Simple Online Planning Tool multiple vulnerabilities
Overview : SO Planning is an open source online planning tool completely free, designed to easily plan projects / tasks
API Security Web Application Firewall
How can you secure your Exposed services without installing the patch by the vendor? Have a look at the use
XML Entity Injection Vulnerability in RSA Authentication Manager
Overview : RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious