Juniper NorthStar Controller Application CVE-2017-2318 Remote Privilege Escalation Vulnerability
Category Archives: Security
Vuln: IBM Marketing Platform CVE-2016-0228 Open Redirect Vulnerability
Newly Leaked Hacking Tools Were Worth $2 Million On The Gray Market
Latest Dump of Alleged NSA Tools Is 'The Worst Thing Since Snowden'
Persistent Cross-Site Scripting in Scriptler Jenkins Plugin
Posted by Securify B.V. on Apr 14
Burak Kelebek, April 2017
Abstract
A Cross-Site Scripting vulnerability was found in the…
CVE-2017-7879
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
CVE-2017-6554
pmmasterd in Quest Privilege Manager 6.0.0-27 and 6.0.0-50 allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.
CVE-2016-4888
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-7696
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allows remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.
CVE-2016-4890
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.