Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504 is on authentication bypass vuln
Overview : An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript
Multiple vulnerabilities in IBM QRadar SIEM
Overview : Multiple security vulnerabilities have been fixed and delivered in IBM products. Affected Product(s) : IBM QRadar SIEM 7.3.0
Pearson eSIS message board has stored XSS vuln
Overview : Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input
A Cross-Site Scripting (XSS) vulnerability exists in Freebox OS Web interface 3.0.2
Overview : A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in
Simple Online Planning Tool multiple vulnerabilities
Overview : SO Planning is an open source online planning tool completely free, designed to easily plan projects / tasks
API Security Web Application Firewall
How can you secure your Exposed services without installing the patch by the vendor? Have a look at the use
XML Entity Injection Vulnerability in RSA Authentication Manager
Overview : RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious
Cisco Data Center Network Manager Vulnerabilities
Summary Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker
Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0
Overview : Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote
Unauthenticated Remote Code Execution Vulnerability in D-Link DIR-859
Overview : D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Affected
Craft CMS 3.1.12 Pro Cross Site Scripting
Overview : In the 3.1.12 Pro version of the Craft CMS web application, the XSS vulnerability has been discovered in
Stored XSS on Archery before 1.3
Overview : In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2
Overview : All HTML forms present in the Belkin F5D8236-4 v2 are susceptible to Cross-Site Request Forgery. Affected Product(s) :
An issue was discovered in Orckestra C1 CMS through 6.6
Overview : The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote
Remote Code Execution vulnerability in SonicWall
Overview : A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. Affected Product(s)
Some vulnerabilities in SQLite 3.30.1
Overview : multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls.
Multiple security vulnerabilities have been found in IBM products
Overview : Multiple security vulnerabilities have been fixed and delivered in IBM products. Affected Product(s) : IBM Financial Transaction Manager
Neuvector 3.1 and below to authenticate as a valid AD LDAP user using a blank password
Overview : NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an
The vulnerability is addressed in the 2018.1, 2018.2 versions of CloudVision Portal
Overview : In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to
Multiple issues was discovered in Backdrop CMS
Overview : Multiple issues was discovered in Backdrop CMS Affected Product(s) : Backdrop Core 1.14.x versions prior to 1.14.2 Backdrop
MITM vulnerability present in the Confluence Previews plugin
Overview : There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data
Unprivileged authenticated flaw in Ivanti Workspace Control before 10.3.180.0
Overview : Unprivileged authenticated flaw in Ivanti Workspace Control before 10.3.180.0 a locally authenticated user with low privileges can bypass
An issue was discovered in CloudForms Management Engine 5
Overview : CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration Affected Product(s) : CloudForms
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0
Overview : An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running “select hostdetails