phpBB CSRF Token Hijacking attack exposed
Overview : phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the
Overview : phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the
Overview : A vulnerability was found in the clustering code that caused a memory leak. This could be exploited by
Overview : Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability CWE-399/ CVE-2019-12646 A
Overview : Stored XSS vulnerability in expandable textbox form control SECURITY-1498 / CVE-2019-10401 Jenkins form controls include an expandable textbox
Overview : IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can
Overview : In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Overview : vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Affected
Overview : A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX
Overview : On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability
Overview : Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable
Overview : DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH
Overview : F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when
Overview : Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local
Overview : An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing
Overview : App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Affected Product(s) : TuziCMS 2.0.6 Vulnerability Details
Overview : On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to
Overview : IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain
Overview : In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value.
Overview : Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with
Overview : The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version
Overview : VMware vSphere ESXi (6.7 prior to ESXi670-201904101-SG, 6.5 prior to ESXi650-201907101-SG, 6.0 prior to ESXi600-201909001) and VMware vCenter
Overview : In WebAccess versions 8.4.1 and prior, multiple stack based buffer overflow vulnerabilities are detected by a lack of
Overview : A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 permits attackers to execute
Overview : Schneider Electric detected multiple vulnerabilities in its U.motion din rail and touch panels servers. Affected Product(s) : U.motion