Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. Date published : 2017-06-15 http://www.securityfocus.com/bid/99072 http://www.securityfocus.com/archive/1/540731/100/0/threaded
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence...
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. Date published : 2017-06-15 https://wpvulndb.com/vulnerabilities/8848
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability...
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability." Date published...
Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via...
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions....
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. Date published : 2017-06-15 https://www.qnap.com/en-us/releasenotes/
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This...
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. Date published : 2017-06-15 http://www.securityfocus.com/bid/99063 http://www.ibm.com/support/docview.wss?uid=swg22004714
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. Date published : 2017-06-15 http://www.ibm.com/support/docview.wss?uid=swg22004170 https://exchange.xforce.ibmcloud.com/vulnerabilities/123672
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access...
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. Date published : 2017-06-14 http://www.securityfocus.com/bid/95998 https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. Date published : 2017-06-14 https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd https://github.com/Telaxus/EPESI/issues/186