Monthly Archive: September 2018
26/09/2018 by Fred · Published 26/09/2018
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Date published: 2018-09-26
http://packetstormsecurity.com/files/149505/RICOH-MP-C6003-Printer-Cross-Site-Scripting.html
26/09/2018 by Fred · Published 26/09/2018
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Date published: 2018-09-26
http://packetstormsecurity.com/files/149502/RICOH-MP-C2003-Printer-Cross-Site-Scripting.html
26/09/2018 by Fred · Published 26/09/2018
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Date published: 2018-09-26
http://packetstormsecurity.com/files/149501/RICOH-MP-305-Printer-Cross-Site-Scripting.html
26/09/2018 by Fred · Published 26/09/2018
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Date published: 2018-09-26
https://www.exploit-db.com/exploits/45526/
http://packetstormsecurity.com/files/149497/RICOH-MP-C307-Printer-Cross-Site-Scripting.html
26/09/2018 by Fred · Published 26/09/2018
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Date published: 2018-09-26
http://packetstormsecurity.com/files/149496/RICOH-Aficio-MP-301-Printer-Cross-Site-Scripting.html
26/09/2018 by Fred · Published 26/09/2018
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Date published: 2018-09-26
http://packetstormsecurity.com/files/149495/RICOH-MP-C6503-Plus-Printer-Cross-Site-Scripting.html
26/09/2018 by Fred · Published 26/09/2018
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Date published: 2018-09-26
https://www.exploit-db.com/exploits/45526/
http://packetstormsecurity.com/files/149494/RICOH-MP-C1803-JPN-Printer-Cross-Site-Scripting.html
26/09/2018 by Fred · Published 26/09/2018
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Date published: 2018-09-26
http://packetstormsecurity.com/files/149493/RICOH-MP-C406Z-Printer-Cross-Site-Scripting.html
26/09/2018 by Fred · Published 26/09/2018
An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server’s X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway....
26/09/2018 by Fred · Published 26/09/2018
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
Date published: 2018-09-26
https://github.com/himanshurahi/e107_2.1.9_CSRF_POC
26/09/2018 by Fred · Published 26/09/2018
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.
Date published: 2018-09-26
http://www.securityfocus.com/bid/105377
https://support.citrix.com/article/CTX238022
26/09/2018 by Fred · Published 26/09/2018
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
Date published: 2018-09-26
http://www.securityfocus.com/bid/105377
https://support.citrix.com/article/CTX238022
26/09/2018 by Fred · Published 26/09/2018
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.
Date published: 2018-09-26
https://www.ibm.com/support/docview.wss?uid=ibm10716533
http://www.securitytracker.com/id/1041720
26/09/2018 by Fred · Published 26/09/2018
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver’s subroutine will execute a...