Accentis Content Resource Management System suffer from a cross site scripting vulnerability.
Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a cross site
Multiple issues in Cloud Foundry Products
Overview : UAA logs all query parameters with debug logging level Affected Product(s) : CF Deployment All versions prior to
Improper Neutralization of CRLF Sequences in HTTP Headers in Versions of Armeria 0.85.0 through and including 0.96.0
Overview : Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers
Apache Struts2 vulnerabilities discovered while processing malformed XSLT files
Overview : A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a
Denial of Service vulnerability in SSL VPN service of FortiOS
Overview : New vulnerabilities discovered in FortiOS Affected Product(s) : FortiOS versions 6.2.1 and below. FortiOS versions 6.0.6 and below.
XSS attack in Drupal Views Builk Operations module 6.x-1.0 through 6.x-1.10
Overview : Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the
Multiple issues was discovered in Symfony
Overview : Multiple issues was discovered in Symfony Affected Product(s) : Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0
MediaWiki Multiple XSS vulnerabilities
Overview : New vulnerabilities discovered in MediaWiki Affected Product(s) : MediaWiki before 1.19.4 and 1.20.x before 1.20.3 Vulnerability Details :
Multiple vulnerabilities have been found in Tiki Wiki
Overview : New vulnerabilities discovered in Tiki Wiki Affected Product(s) : Tiki 7.2 & 8.0 RC1 Vulnerability Details : CVE
Openfind MAIL2000 Webmail vulnerabilities
Overview : Multiple flaws in Openfind MAIL2000 through version 6.0 and 7.0 Affected Product(s) : Openfind MAIL2000 through version 6.0
Cross-site Scripting Vulnerability in Zikula Application Framework
Overview : Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter
Apache NiFi 1.3.0 – 1.9.2 cyber flaws released
Overview : Multiple flaws was discovered in NiFi versions 1.3.0 to 1.9.2 Affected Product(s) : Apache NiFi 1.3.0 – 1.9.2
Apache Shiro before 1.4.2 prone to padding attack
Overview : Apache Shiro before 1.4.2 padding attack through susceptible cookies Affected Product(s) : Apache Shiro 1.4.1 Vulnerability Details : CVE
SQL Injection attack in pimcore before 6.3.0
Overview : Pimcore data leakage Flaws through SQL Injection Affected Product(s) : pimcore/pimcore before 6.3.0 Vulnerability Details : CVE ID :
Unprotected API lets remote users control Philips Taolight Smart Wi-Fi Wiz Contol
Overview : Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb API Flaws Affected Product(s) : Philips Taolight Smart Wi-Fi Wiz
phpbb 3.0.x-3.0.6 has an XSS vulnerability
Overview : some issues found in phpbb 3.0.x-3.0.6 with an XSS vulnerability. Affected Product(s) : phpbb 3.0.x-3.0.6 Vulnerability Details :
New vulnerabilities discovered in SAP products
Overview : New vulnerabilities discovered in SAP products Affected Product(s) : SAP Vulnerability Details : CVE ID : CVE-2019-0388 [[CVE-2019-0388] Content
WSO2 IS as Key Manager 5.7.0 allows web vulnerabilities
Overview : An attacker can trick a privileged user while using WSO2 IS as Key Manager Affected Product(s) : WSO2
Matrix Synapse APIs prone to attack
Overview : Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Affected Product(s) : Matrix Synapse before 1.5.0
An access control issue in MantisBT before 1.2.13
Overview : An access control issue in MantisBT before 1.2.13 allows users with “Reporter” permissions to change any issue to
Access token validation errors affects all versions of Apache CXF prior to 3.3.4 and 3.2.11.
Overview : Apache CXF OpenId Connect token service does not properly validate the clientId Affected Product(s) : Apache CXF prior
Open Redirection in Drupal6 version 6.16
Overview : drupal6: SA-CORE-2010-002 – Drupal core – Multiple vulnerabilities Affected Product(s) : Drupal6 version 6.16 Vulnerability Details : CVE
SQL Injection flaw in SuiteCRM
Overview : SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. Affected Product(s) :
Linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.
Overview : linux vserver priviledge escalation in remount code Affected Product(s) : linux vserver 2.6 before 2.6.17 Vulnerability Details :