A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is...
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of...
A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary...
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to...
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning...
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=’;$HTTP_USER_AGENT;’ with an OS command in the User-Agent field....
Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool. Date published : 2021-05-21 https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool http://www.openwall.com/lists/oss-security/2021/05/22/1
Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. Date published : 2021-05-21 https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html http://www.openwall.com/lists/oss-security/2021/05/22/1
Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel. Date published : 2021-05-21 https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser http://www.openwall.com/lists/oss-security/2021/05/22/1
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. Date published : 2021-05-21 https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url http://www.openwall.com/lists/oss-security/2021/05/22/1
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. Date published : 2021-05-21 https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script http://www.openwall.com/lists/oss-security/2021/05/22/1
Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. Date published : 2021-05-21 https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname http://www.openwall.com/lists/oss-security/2021/05/22/1
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. Date published : 2021-05-21 https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots http://www.openwall.com/lists/oss-security/2021/05/22/1
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many...