Monthly Archive: July 2019

CVE-2019-5457

Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in the victim’s browser. Date published : 2019-07-30 https://hackerone.com/reports/570568

CVE-2019-5456

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version

CVE-2019-5454

SQL injection in the Nextcloud Android app prior to version 3.0.0 allows a harmful query to destroy the local cache, requiring the account to be set up again. Date published : 2019-07-30 https://hackerone.com/reports/291764

CVE-2019-5453

A lock protection bypass in the Nextcloud Android app prior to version 3.3.0 allowed access to files by switching to the Nextcloud file provider while being prompted for the lock protection. Date published : 2019-07-30...

CVE-2019-5452

A lock protection bypass in the Nextcloud Android app prior to version 3.6.2 leaks thumbnails through the Android content provider even though the lock protection has not been passed. Date published : 2019-07-30 https://hackerone.com/reports/534541

CVE-2019-5451

A lock protection bypass in the Nextcloud Android app prior to version 3.6.1 allows access to files by repeatedly opening and closing the app in a very short time. Date published : 2019-07-30 https://hackerone.com/reports/507172

CVE-2019-5450

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed a directory name containing basic HTML to style the header bar. Date published : 2019-07-30...

CVE-2019-5449

A missing check in Nextcloud Server prior to version 15.0.1 leaks calendar event names when confidential or private events are added or modified. Date published : 2019-07-30 https://hackerone.com/reports/476615

CVE-2019-4456

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive...

CVE-2019-4285

IBM WebSphere Application Server – Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker...

CVE-2019-4062

IBM i2 Intelligent Analysis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or...

CVE-2019-1552

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and...
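A check the OPENSSLDIR description invites, added here as an example and not code from this page or from the OpenSSL project: find the directory the local OpenSSL build was compiled to use and make sure nobody but its owner can write there, because the configuration file and trust certificates it holds are honoured by every program that links the library. It assumes the `OPENSSLDIR: "/path"` line format printed by `openssl version -d`; the function names are my own, and the sample input in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the page or the OpenSSL project): locate the live
# OPENSSLDIR and flag it if users other than the owner can write into it.
# Assumption: anyone who can write to OPENSSLDIR can plant an openssl.cnf or a
# trusted CA that every OpenSSL-linked program on the host will then use.

# Extract the path from the 'OPENSSLDIR: "/path"' line printed by
# `openssl version -d`. Takes that output as an argument so it can be
# exercised against constructed text as well as the live command.
parse_openssldir() {
  printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: *"\([^"]*\)".*/\1/p'
}

# Print the directory and its direct children (openssl.cnf, certs/, private/)
# whose mode grants write to group or other. Permission bits are checked
# rather than `test -w`, which says nothing useful when run as root.
non_owner_writable() {
  find "$1" -maxdepth 1 \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null
}

# Exit status: 0 = no group/other write bits, 1 = writable by a non-owner,
# 2 = directory missing (worth a look too: whoever can create it controls it).
audit_openssldir() {
  dir=$1
  if [ ! -d "$dir" ]; then
    echo "OPENSSLDIR $dir does not exist"
    return 2
  fi
  offenders=$(non_owner_writable "$dir")
  if [ -n "$offenders" ]; then
    echo "writable by group or other under OPENSSLDIR $dir:"
    echo "$offenders"
    return 1
  fi
  echo "OPENSSLDIR $dir: no group/other write bits"
  return 0
}

# Run against the host's OpenSSL when one is installed.
if command -v openssl >/dev/null 2>&1; then
  live_dir=$(parse_openssldir "$(openssl version -d 2>/dev/null)")
  if [ -n "$live_dir" ]; then
    audit_openssldir "$live_dir" || true
  fi
fi
```

On a hardened host the expected result is owner-only write on OPENSSLDIR and everything directly beneath it; a non-zero exit from `audit_openssldir` is the finding to follow up, starting with who owns the offending path.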