
Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.

In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single "$" character as the Name of a Navigation item.

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.

A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

scripts/inspect_webbrowser.py in Reddit Terminal Viewer 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.

A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.

af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.



© SecPod Technologies