CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. Date published : 2018-08-03 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180802-01–security-notice-for-ca-api-developer-portal.html http://www.securitytracker.com/id/1041416
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been...
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce...
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. Date published : 2018-08-03 https://github.com/restforce/restforce/pull/392
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix...
Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9
/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9
Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9
Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9
Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9
Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9
A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback. Date published : 2018-08-03 http://www.cnvd.org.cn/flaw/show/1325763
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. Date published : 2018-08-03 https://www.debian.org/security/2018/dsa-4263 https://www.exploit-db.com/exploits/45195/
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script...