P5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.
Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. This is the second version of this exploit, updated to work with Python 3.
The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP/2 request (or response).
Mahara version 19.10.2 suffers from a persistent cross site scripting vulnerability.
Sky File version 2.1.0 for iOS suffers from cross site scripting and directory traversal vulnerabilities.
QRadar Community Edition version 7.3.1.6 is deployed with a default password for the ConfigServices account. Using this default password it is possible to download configuration sets containing sensitive information, including…
QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on…
QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities.
QRadar Community Edition version 7.3.1.6 suffers from a reflective cross site scripting vulnerability in the Forensics link analysis page.
QRadar Community Edition version 7.3.1.6 suffers from a local privilege escalation due to insecure file permissions with run-result-reader.sh.