God Kings version 0.60.1 suffers from an improper authorization issue allowing for in-game notification spoofing.
0ccdb58d79a24e7f88b7511778b7606cFramer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the activity nor does it validate the given URL.
e8924ed5ec5837a0e6f0ebe0b7cfd700Acronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.
91fb344eebf7d5d7a6562e49e011ffc4o2 Business for Android version 1.2.0 suffers from an open redirection vulnerability.
9980d38918579dd6100d181024b4b638MJML versions 4.6.2 and below suffer from a path traversal vulnerability.
a0a3f891f47c7b51f226844efd20e946WordPress SlickQuiz plugin version 1.3.7.1 suffers from a remote SQL injection vulnerability.
acde8b3afeb02ebd1f0a2649b6924ad2WordPress SlickQuiz plugin version 1.3.7.1 suffers from a persistent cross site scripting vulnerability.
2b3be87fd8c14d5a318cff3683426794Quest KACE Systems Management Appliance versions 9.0 and below suffer from a cross site scripting vulnerability.
6e4257cec5ce63b2a13ee85f7cc0f5b9Schneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in track_import_export.php.
a7f8f8b997542a663b8fecca07bb1ea3Dell KACE Systems Management Appliance (K1000) version 6.4.120756 unauthenticated remote code execution exploit.
11d97e105916bc6eb37052e4bf986a97Ubiquiti UniFi Video version 3.7.3 (Windows) suffers from a local privilege escalation vulnerability due to insecure directory permissions.
a82e1d218ea5e2d055d53ff0277ba737Check_mk versions 1.2.8p25 and below suffer from a save_users() race condition that leads to sensitive information disclosure.
20c85c9a771f1de93e046c52df63537cAlienVault USM version 5.4.2 suffers from a cross site request forgery vulnerability.
6e771ba0baa2d865a2bac29ab5c0ceb6Mattermost versions 3.5.0 and 3.5.1 suffer from a cross site scripting vulnerability.
b386c063a6b1b10c1dad2ed59478e51aAtlassian Confluence AppFusions Doxygen versions 1.3.0, 1.3.1, 1.3.2, and 1.3.3 suffer from a cross site scripting vulnerability.
40298284e37d5c11bfd9c7e6a26fe36fAtlassian Confluence AppFusions Doxygen versions 1.3.0, 1.3.1, 1.3.2, and 1.3.3 suffer from an information disclosure vulnerability.
bc1d0ec9781d4efabfe8c2e3134f68fbAtlassian Confluence AppFusions Doxygen version 1.3.0 suffers from a path traversal vulnerability.
4e2b79e03f74cde41848df22952ee7ceXenForo ToggleME version 3.1.2 suffers from multiple cross site scripting vulnerabilities.
66b9ae98b3625528c90cfaf047dd623eAlienVault USM/OSSIM version 5.2 suffers from a cross site scripting vulnerability.
607c890e637df1fffca03228952de5feApache Archiva version 1.3.9 suffers from a cross site scripting vulnerability.
49af5bfe6cafae1122d621ea5294c340Apache Archiva version 1.3.9 suffers from a cross site request forgery vulnerability.
bb5f2cae376e13ae271a747583391445XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.
ec6653535f15715683fb23b54a289bdbPostfix Admin version 2.93 suffers from a cross site request forgery vulnerability.
0aa6277ff6f2f8a1e8b41cee4ae3b9a2Swagger Editor version 2.9.9 suffers from a cross site scripting vulnerability.
b53df8f45f91a77bb2ce060de0233f8dUbiquiti Networks UniFi version 3.2.10 suffers from a cross site request forgery vulnerability.
feacedbdd6e190261848193e551b9695
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed