The cloud is attracting more and more companies from a wide range of industries. We have previously written about the contribution of IaaS to the development of the automotive market and looked at retail cases. Today we decided to look at how IaaS helps companies in the entertainment industry. It, perhaps like no other…
Sonatype Nexus Repository Manager before 3.12.0 has XSS in multiple areas in the Administration UI.
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0.
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.
tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up the boolean judgment: if the input value is smaller than or equal to the allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in…