An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message. Date published : 2021-05-12 https://github.com/smartstore/SmartStoreNET/commit/5b4e60ae7124df0898975cb8f994f9f23db1fae3
Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file. Date published : 2021-05-12 https://www.jamescarroll.me/blog/specoweb-directory-traversal Home
An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified...
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to...
A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework....
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in ‘/knowage/restful-services/signup/update’ via the ‘name’ parameter. Date published : 2021-05-12 https://github.com/piuppi/Proof-of-Concepts/blob/main/Engineering/CSTI-KnowageSuite7-3.md
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in ‘/servlet/AdapterHTTP’ via the ‘targetService’ parameter. Date published : 2021-05-12 https://github.com/piuppi/Proof-of-Concepts/blob/main/Engineering/XSS-KnowageSuite7-3_unauth.md
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in ‘/knowage/restful-services/documentnotes/saveNote’ via the ‘nota’ parameter. Date published : 2021-05-12 https://github.com/piuppi/Proof-of-Concepts/blob/main/Engineering/Stored-XSS-KnowageSuite7-3-notes.md
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in ‘/knowage/restful-services/signup/update’ via the ‘surname’ parameter. Date published : 2021-05-12 https://github.com/piuppi/Proof-of-Concepts/blob/main/Engineering/Stored-XSS-KnowageSuite7-3-surname.md
evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it...
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects:...
An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder...
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack based buffer...
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition....