Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar...
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The...
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker...
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker....
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from...
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server. Date published : 2018-06-05 https://www.qnap.com/en/security-advisory/nas-201806-01 http://www.securitytracker.com/id/1041025
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges. Date published : 2018-06-05 https://www.qnap.com/en/security-advisory/nas-201806-01 http://www.securitytracker.com/id/1041025
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. Date published : 2018-06-05 https://www.qnap.com/en/security-advisory/nas-201806-01 http://www.securitytracker.com/id/1041025
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. Date published : 2018-06-05 https://www.qnap.com/en/security-advisory/nas-201806-01 http://www.securitytracker.com/id/1041025
nZEDb v0.7.3.3 has XSS in the 404 error page. Date published : 2018-06-05 https://packetstormsecurity.com/files/143725/nZEDb-0.7.3.3-Cross-Site-Scripting.html
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. Date published : 2018-06-05 http://www.securityfocus.com/bid/104550 http://www.ibm.com/support/docview.wss?uid=swg22005503
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. Date published : 2018-06-05 https://www.synology.com/zh-tw/support/security/Synology_SA_18_12
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. Date published : 2018-06-05 https://www.synology.com/zh-tw/support/security/Synology_SA_18_09
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as...