Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Overview : Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission,
Overview : The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which
SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA)
Overview : An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02,
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
Overview : There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0
Overview : This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication
phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability
Overview : In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of
Common Vulnerabilities and Exposures Container Security cyber security news Web Application Firewall
Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account
Overview : cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the
ERPNext 11.1.47 allows blog?blog_category= Frame Injection.
Overview : ERPNext 11.1.47 allows blog?blog_category= Frame Injection. Affected Product(s) : Affected Software: ERPNext Affected Versions: 11.1.47 Vulnerability Details : CVE ID
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71
Overview : Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1
Overview : Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update
LogicalDoc before 8.3.3 allows SQL Injection
Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability
Overview : Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted
Overview : SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID
cPanel before 84.0.20 allows a demo account to achieve remote code execution
Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks
Overview : OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image
Umbraco CMS 8.5.3 allows an authenticated file upload
Overview : Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation
Overview : Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.An information disclosure vulnerability has
cPanel before 82.0.18 Account bypass vulnerability
Overview : cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). Affected
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 SQL Injection Vulnerability
Overview : SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
Overview : A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server
Overview : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request
Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0
Overview : An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated
Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5
Overview : A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote,
TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server
Overview : The Spotfire library component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire