Latest Security vulnerabilities in Cisco products
Overview : Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability CWE-399/ CVE-2019-12646 A
Jenkins announces vulnerabilities
Overview : Stored XSS vulnerability in expandable textbox form control SECURITY-1498 / CVE-2019-10401 Jenkins form controls include an expandable textbox
User Credentials hacked in IBM Security Key Lifecycle Manager
Overview : IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can
XSS attacks in Joomla! 3.x before 3.9.12
Overview : In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Exploitation in vBulletin allows remote command execution
Overview : vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Affected
Attackers gain read access to privileged files in Niagara AX
Overview : A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX
How to build a company culture of success
The goal of this new editor is to make adding rich content to WordPress simple and enjoyable. This whole post
Nando Caporicci: How blockchain outperforms financial institutions
The goal of this new editor is to make adding rich content to WordPress simple and enjoyable. This whole post
Loans 101: When does it make sense to use an installment loan?
The goal of this new editor is to make adding rich content to WordPress simple and enjoyable. This whole post
XSS vulnerability on Apache JSPWiki
Overview : On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability
Cloud Foundry NFS vulnerable to LDAP injection
Overview : Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable
Cross-site scripting hack in DOMPurify 2.0.0
Overview : DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH
ConfigSync vulnerability in F5
Overview : F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when
Vulnerability issues found in Forcepoint VPN Client
Overview : Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local
GoAhead Web server HTTP Header Injection vulnerability
Overview : An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing
TuziCMS 2.0.6 has SQL injection via index.php
Overview : App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Affected Product(s) : TuziCMS 2.0.6 Vulnerability Details
Incorrect Control over DrayTek Vigor Router
Overview : On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to
IBM WebSphere Application Server allows remote attackers
Overview : IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain
Denial of Service attack in Tenda N301 wireless routers
Overview : In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value.
Pydio file sharing prone to attack
Overview : Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with
Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center
Overview : The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version
VMware ESXi and vCenter updates address multiple vulnerabilities
Overview : VMware vSphere ESXi (6.7 prior to ESXi670-201904101-SG, 6.5 prior to ESXi650-201907101-SG, 6.0 prior to ESXi600-201909001) and VMware vCenter
Buffer Overflow vulnerability in Advantech WebAccess
Overview : In WebAccess versions 8.4.1 and prior, multiple stack based buffer overflow vulnerabilities are detected by a lack of
SQL injection vulnerability in Terrasoft Bpm’online CRM
Overview : A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 permits attackers to execute