cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the...
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused...
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused...
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused...
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. Date published : 2020-03-19 https://starlabs.sg/advisories/18-20335/
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control...
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. Date...
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-015-reflected-cross-site-scripting-in-openfire/
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-015-reflected-cross-site-scripting-in-openfire/
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-015-reflected-cross-site-scripting-in-openfire/
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner parameter. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-016-cross-site-scripting-in-ilchcms/
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-016-cross-site-scripting-in-ilchcms/
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-016-cross-site-scripting-in-ilchcms/
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. Date published : 2020-03-19 https://www.netsparker.com/web-applications-advisories/ns-19-017-cross-site-scripting-in-erpnext/