[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

251139

 
 

909

 
 

196159

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 249948 Download | Alert*

The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.

Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to error_log.php.

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.

Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field.

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspecified vectors.

Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors.

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate.

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.


Pages:      Start    9676    9677    9678    9679    9680    9681    9682    9683    9684    9685    9686    9687    9688    9689    ..   24994

© SecPod Technologies