HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as...
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. Date published : 2020-12-21 https://seclists.org/fulldisclosure/2020/Dec/36 http://packetstormsecurity.com/files/160628/Programi-Bilanc-Build-007-Release-014-31.01.2020-SQL-Injection.html
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back...
Affected versions of Atlassian Crucible allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before...
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. Date published : 2020-12-19 https://security.gentoo.org/glsa/202107-08 https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. Date published : 2020-12-18 https://support.solarwinds.com/SuccessCenter/s/ https://www.esecforte.com/cross-site-scripting-vulnerability-in-solarwinds-web-help-desk/
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. Date published : 2020-12-18 https://support.solarwinds.com/SuccessCenter/s/ https://www.esecforte.com/cross-site-scripting-via-file-upload-vulnerability-in-solarwinds-web-help-desk/
A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution. Date published : 2020-12-18 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04067en_us
A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF). Date...
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. Date published : 2020-12-18 http://packetstormsecurity.com/files/161721/HPE-Systems-Insight-Manager-AMF-Deserialization-Remote-Code-Execution.html https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04068en_us
Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. Date published : 2020-12-18 https://www.tenable.com/security/research/tra-2020-56
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. Date...
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute...
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The...