Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. Date published : 2017-06-14 https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd https://github.com/Telaxus/EPESI/issues/186
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. Date published : 2017-06-14 https://github.com/Telaxus/EPESI/commit/48fb5e81cd7a47d98bade092a5a72d8177621dbd https://github.com/Telaxus/EPESI/issues/186
Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. Date published :...
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. Date published : 2017-06-14 http://www.securityfocus.com/bid/99087 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. Date published : 2017-06-14 http://www.securityfocus.com/bid/99085 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in...
In curl before 7.54.1 on Windows and DOS, libcurl’s default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without...
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this...
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the...
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who...
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially...
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly...
A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation...
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". Date published : 2017-06-14 http://www.securityfocus.com/bid/98913 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8551