Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This...
Read MoreBiscom Secure File Transfer is vulnerable to cross-site scripting in the Package Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML...
Read Moregnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the “Bad Taste” issue. There is a local attack if the victim uses the GNOME Files file manager, and...
Read MoreREDCap before 7.5.1 has XSS via the query string.
Read MoreA remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can...
Read More