The Windows Installation component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker...
The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.’s TIBCO Enterprise Message Service,...
The Windows Installation component of TIBCO Software Inc.’s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service – Community Edition, and TIBCO Enterprise Message Service – Developer Edition contains a vulnerability that theoretically allows a...
The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO...
The Windows Installation component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker...
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.’s TIBCO...
The Windows Installation component of TIBCO Software Inc.’s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows...
Priam uses File.createTempFile, which gives the permissions on that file -rw-r–r–. An attacker with read access to the local filesystem can read anything written there by the Priam process. Date published : 2021-03-23 https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names...
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. Date published : 2021-03-23 https://drive.google.com/file/d/1suqBvuoE-3U2QmWpCOXXV4_5rEu_XGJL/view?usp=sharing https://www.exploit-db.com/exploits/49670
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields...
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. Date published : 2021-03-23 https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. Date published : 2021-03-23 https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. Date published : 2021-03-23 https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter