Zimbra Collaboration Suite version 8.7.11_GA_1854 suffers from a cross site scripting vulnerability.
6de4d493c54ea789d91dbcba0df1db8bSeagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.
5ae797b5faaf3d32724a1d8e66d233b3VTech DigiGo with firmware 83.60630 suffers from a browser overlay attack vulnerability.
77cea9e9382eded61fbed8053c84a2adKaseya VSA version 9.2 suffers from an authentication bypass vulnerability.
7283fc16d75dc79988225cb4c903d5c5Kaseya VSA version 9.2 suffers from a remote shell upload vulnerability.
907b91ed2f652a5d04feabc0ab331cb0VTech DigiGo with firmware version 83.60630 fails to perform validation of TLS certificates.
59ddde2caff6394072eed1459a12fd42A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even windows files). Version R9.2 was found affected.
605ce3e61e7a1e700654afd0b394ab11VTech DigiGo with firmware version 83.60630 fails to perform certificate pinning in some flows.
b42e1511b7ec7a18c5d96a398e4d3d07pfSense version 2.4.1 suffers from a clickjacking vulnerability in the cross site request forgery error page.
d27cfffbd264ae18908fb4c5e7e89289Xamarin Studio for Mac versions 6.2.1 (build 3) and 6.3 (build 863) suffer from a local privilege escalation vulnerability.
0eb7c4204f9e48e3f70079bf8624f7daVirtuozzo Power Panel (VZPP) and Automator version 6.1.2 suffers from a buffer over-read vulnerability.
2af4bc88b18673fd24ac2f529c2fd96bA vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.
c2f465d0fafdbcf4b9a63fb413f084f5Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.
03efc4e9cf55948800f65cb80dd0da13The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.
25a2023423f7860059c0e4cb8e179437Scriptler Jenkins version 2.9 suffers from a cross site scripting vulnerability.
51c7b60005aa4d94fc3a39b0ebc67e50Microsoft Office OneNote 2007 suffers from a dll hijacking vulnerability.
b33e14dcb95985bd6976931c23b1f515It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).
c5887ca20f54ac55ae19e8611c88c6f7Western Digital My Cloud suffers from a cross site request forgery vulnerability.
1f1be9f28d76dd964efe11d9a8018d08Western Digital My Cloud suffers from a buffer overflow vulnerability that allows for remote code execution.
e64dc08f721927ea61266f162a334e42Western Digital My Cloud suffers from multiple command injection vulnerabilities.
769ded7ef3ae77dad8b7bc9a03ec8c4bWordPress version 4.5.3 Press This Function suffers from a cross site request forgery vulnerability that can cause a denial of service condition.
83fd7fe78cebb4f12e22a40081367585WordPress version 4.5.3 Audio Playlist suffers from a cross site scripting vulnerability.
03337762b5f9e7ec64dbec0de777fb10WordPress Contact Form plugin version 4.0.0 suffers from a cross site scripting vulnerability.
9a02b786071ae7946b341084679559f2WordPress Contact Form Manager plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
4987a2afdb93bc122ac36851c982c9edWordPress Popup by Supsystic plugin 1.7.6 suffers from a cross site request forgery vulnerability.
0b5ccac0638dde090a40ca6b20b5ac07
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed