XSS vulnerability on Apache JSPWiki
Overview : On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability
Cloud Foundry NFS vulnerable to LDAP injection
Overview : Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable
Cross-site scripting hack in DOMPurify 2.0.0
Overview : DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH
ConfigSync vulnerability in F5
Overview : F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when
Vulnerability issues found in Forcepoint VPN Client
Overview : Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local
GoAhead Web server HTTP Header Injection vulnerability
Overview : An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing
TuziCMS 2.0.6 has SQL injection via index.php
Overview : App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Affected Product(s) : TuziCMS 2.0.6 Vulnerability Details
Incorrect Control over DrayTek Vigor Router
Overview : On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to
IBM WebSphere Application Server allows remote attackers
Overview : IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain
Denial of Service attack in Tenda N301 wireless routers
Overview : In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value.
Pydio file sharing prone to attack
Overview : Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with
Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center
Overview : The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version
VMware ESXi and vCenter updates address multiple vulnerabilities
Overview : VMware vSphere ESXi (6.7 prior to ESXi670-201904101-SG, 6.5 prior to ESXi650-201907101-SG, 6.0 prior to ESXi600-201909001) and VMware vCenter
Buffer Overflow vulnerability in Advantech WebAccess
Overview : In WebAccess versions 8.4.1 and prior, multiple stack based buffer overflow vulnerabilities are detected by a lack of
SQL injection vulnerability in Terrasoft Bpm’online CRM
Overview : A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 permits attackers to execute
Multiple vulnerabilities in Schneider Electric U.motion servers
Overview : Schneider Electric detected multiple vulnerabilities in its U.motion din rail and touch panels servers. Affected Product(s) : U.motion
Cross Site Scripting issue in MAUTIC 2.13.1
Version : Mautic 2.13.1 Severity : Severe Explanation : Stored Cross Site Scripting vulnerability is found by manipulating argument authorUrl with
Pecl http extension Memory Corruption Vulnerability
Version : pecl-http extension up to 2.6.0beta2/3.1.0beta2 Severity : Medium Explanation : The function merge_param() of the file php_http_params.c. Forged http requests
Sahi Pro Weak Authentication Vulnerability
Version : Sahi Pro (Upto Version : 8.0) Severity : Critical Explanation : The function TestRunner_Non_distributed of create/modify/delete. The manipulation
Critical authentication bypass vulnerability found in Alfresco Community Edition (CVE-2019-14222)
Critical authentication bypass vulnerability found in Alfresco Community Edition (CVE-2019-14222) An issue was discovered in Alfresco Community Edition versions 6.0