An issue in Diebold Nixdorf Vynamic View Console versions 5.3.1 and below allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.
e8ca12d6b8563b69ab66a6e4e43f64fa33eef9148ba6d2ac5f95576df569a4e6Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the JSESSIONID cookie of another user and take over their session. These two findings can be chained together.
27679f4bfde5c9377efad490bf7207a9b6f587632600f7b21edcff5a9651ed7f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed