OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) Date published : 2019-03-17 http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html http://seclists.org/fulldisclosure/2019/Jan/46
OX App Suite 7.8.4 and earlier allows SSRF. Date published : 2019-03-17 http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html http://seclists.org/fulldisclosure/2019/Jan/46
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User...
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. Date published : 2019-03-17...
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the...
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access...
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide...
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution. Date published : 2019-03-17 http://packetstormsecurity.com/files/151116/AudioCode-400HD-Remote-Command-Injection.html http://seclists.org/fulldisclosure/2019/Jan/38
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. Date published : 2019-03-17 http://packetstormsecurity.com/files/151115/AudioCode-400HD-Cross-Site-scripting.html http://seclists.org/fulldisclosure/2019/Jan/37
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued. Date published : 2019-03-17 http://seclists.org/fulldisclosure/2019/Feb/51
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. Date published : 2019-03-17 http://packetstormsecurity.com/files/151800/VertrigoServ-2.17-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Feb/47
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. Date published : 2019-03-17 https://security.netapp.com/advisory/ntap-20190411-0006/ http://www.openwall.com/lists/oss-security/2019/02/21/1
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Date published : 2019-03-17 http://seclists.org/fulldisclosure/2019/Feb/29 http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName....