The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. Date published : 2020-08-27 https://scalyr-static.s3.amazonaws.com/technical-details/index.html
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through...
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking....
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through...
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking....
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. Date published : 2020-08-27 JetBrains Security Bulletin Q3 2020 Home
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. Date published : 2020-08-27 https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. Date published : 2020-08-27...
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. Date published : 2020-08-27 https://github.com/hyd3sec/HouseRental_Unauth_RCE/blob/master/HouseRentalRCE.py House rental...
An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. Date published : 2020-08-27 https://packetstormsecurity.com/files/158683/Online-Bike-Rental-1.0-Shell-Upload.html
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. Date published : 2020-08-27 https://packetstormsecurity.com/files/157117/Online-Hotel-Booking-System-Pro-1.3-Cross-Site-Scripting.html
Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. Date published : 2020-08-27 https://packetstormsecurity.com/files/157594/iChat-1.6-Cross-Site-Scripting.html
DesignMasterEvents Conference management 1.0.0 has cross site scripting via the ‘certificate.php’ Date published : 2020-08-27 https://cxsecurity.com/issue/WLB-2020030177 https://packetstormsecurity.com/files/156959/DesignMasterEvents-CMS-1.0-SQL-Injection-Cross-Site-Scripting.html
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter. Date published : 2020-08-27 https://packetstormsecurity.com/files/157094/13enforme-CMS-SQL-Injection-Cross-Site-Scripting.html