The SOAP API component vulnerability of TIBCO Software Inc.’s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from...
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. Date published : 2019-03-07 https://github.com/chekun/DiliCMS/issues/63
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. Date published : 2019-03-07 https://github.com/chekun/DiliCMS/issues/62
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. Date published : 2019-03-07 https://github.com/chekun/DiliCMS/issues/61
njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. Date published : 2019-03-07 https://github.com/beyond7176/njiandan-cms/issues/1
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability. Date published : 2019-03-07 https://github.com/0xUhaw/CVE-Bins/tree/master/PHPMyWind/XSS-1
An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php. Date published : 2019-03-07 https://github.com/0xUhaw/CVE-Bins/tree/master/PHPMyWind/XSS-2
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. Date published : 2019-03-07 https://www.debian.org/security/2020/dsa-4712 https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. Date published : 2019-03-07 https://www.exploit-db.com/exploits/46240/ https://alicangonullu.biz/konu/3
A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly...
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user...
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user’s current Stratos session, and act on...
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a...
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector...