MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.
October 17, 2022
kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controllerOnlinePreviewController.java.
October 17, 2022
An attacker can pre-create the `/Applications/Google Drive.app/Contents/MacOS` directory, which is expected to be owned by root, so that it is owned by a non-root user. When the Drive for Desktop installer is r ...
October 17, 2022
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.
October 17, 2022
Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.
October 17, 2022
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.
October 17, 2022
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allo ...
October 17, 2022
xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via ...
October 17, 2022