Monthly Archive: June 2018

OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to...

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code...

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from...

Trovebox version

Trovebox version

Trovebox version

Trovebox version

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This...

Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register’ and ‘Forgot your password?’ pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames...

Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be...

coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. . Date published...

Triplea version

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a...

Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to abritrary...