PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.
Mihalism Multi Host version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
ManageEngine EventLog Analyzer version 10.8 suffers from a privilege escalation vulnerability.
Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.
Sophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.
Servision HVG with firmware below version 2.2.26a100 suffers from a hard-coded backdoor password vulnerability.
Wieland wieplan version 4.1 suffers from an arbitrary Java code execution vulnerability in its parsing of WIE documents, which uses XMLDecoder, allowing system access to the affected machine. The software is used to…
The Vulnerability Laboratory Core Research Team discovered multiple web vulnerabilities in the HD Video Player v2.5 iOS mobile web-application (wifi).
The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present…
Joomla Scatalog component version 2.0 suffers from a remote SQL injection vulnerability.