Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users’ credentials by creating a shared password with HTML code as the title. Date published : 2020-03-16 https://teampasswordmanager.com/docs/changelog/ https://www.pentagrid.ch/de/blog/security_issues_in_teampasswordmanager_and_combodo_itop/
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). Date published : 2020-03-16 https://herolab.usd.de/en/security-advisories/ https://herolab.usd.de/security-advisories/usd-2019-0054/
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. Date published : 2020-03-16 https://herolab.usd.de/en/security-advisories/ https://herolab.usd.de/en/security-advisories/usd-2019-0053/
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. Date published : 2020-03-16 https://herolab.usd.de/en/security-advisories/ https://herolab.usd.de/security-advisories/usd-2019-0052/
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. Date published : 2020-03-16 https://herolab.usd.de/en/security-advisories/ https://herolab.usd.de/security-advisories/usd-2019-0051/
Codiad Web IDE through 2.8.4 allows PHP Code injection. Date published : 2020-03-16 http://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.html https://github.com/Codiad/Codiad/commits/master
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over...
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. Date published : 2020-03-16 https://support.hp.com/us-en/document/c06594863
A flaw was found when an OpenSSL security provider is used with Wildfly, the ‘enabled-protocols’ value in the Wildfly configuration isn’t honored. An attacker could target the traffic sent from Wildfly and downgrade the...
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php. Date published : 2020-03-16 https://github.com/LimeSurvey/LimeSurvey/commit/0b7391dff91b326284ca3fc5188b768b5d522d88 https://github.com/LimeSurvey/LimeSurvey/commit/f2566f6978a77e3f0870079c45cda1c065a58a73
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the...
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a...
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration...
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data....