IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884. Date published : 2020-09-29...
Leanote Desktop through 2.6.2 allows XSS because a note’s title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. Date published : 2020-09-29 https://github.com/leanote/desktop-app/issues/353
Leanote Desktop through 2.6.2 allows XSS because a note’s title is mishandled during syncing. This leads to remote code execution because of Node integration. Date published : 2020-09-29 https://github.com/leanote/desktop-app/issues/353
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Date published : 2020-09-29 https://www.debian.org/security/2020/dsa-4800...
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. Date published : 2020-09-29 https://github.com/mity/md4c/issues/130
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to...
Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows remote attackers to gain remote code execution (RCE) on the hosting webserver by uploading PHP files. Date published : 2020-09-29 http://seclists.org/fulldisclosure/2020/Sep/41...
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request...