3642 matches found
RHEL 7 : firefox (RHSA-2021:4116)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4116 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
ALSA-2021:4123 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fixes: Mozilla: Use-after-free in HTTP2 Session object Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3...
Chamilo LMS Cross-Site Scripting Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS that stems from the edit box o...
CVE-2021-41872
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service...
Denial of service
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service...
CVE-2021-41872
The CVE-2021-41872 entry concerns Skyworth Digital Technology’s Penguin Aurora Box 41502, a networked set‑top box, with a denial of service vulnerability. The available Connected documents confirm the affected product is the Penguin Aurora Box family (specifically version 41502) and identify the ...
CVE-2021-41872
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service...
Skyworth Digital Penguin Aurora Box Security Vulnerability
The Skyworth Digital Penguin Aurora Box is a high-end network HD set-top box from Skyworth Digital, a Chinese company, produced by Tencent Video in collaboration with Skyworth Digital. A security vulnerability exists in the Skyworth Digital Penguin Aurora Box, which originates from a denial of...
CVE-2021-41873
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV...
Design/Logic Flaw
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV...
CVE-2021-41873
CVE-2021-41873 concerns Penguin Aurora TV Box 41502 (a high-end network HD set-top box by Tencent Video/Skyworth Digital). Connected sources corroborate an unauthorized access vulnerability that lets an attacker use a specific link to remotely control the TV. The NVD entry lists a very high CVSS ...
CVE-2021-41873
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV...
WordPress About Author Box plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Francesco Carlucci in WordPress About Author Box plugin versions <= 1.0.1. Solution: Update the WordPress About Author Box plugin to the latest available version (at least 1.0.2)...
About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow a user with a role as low as Contributor to perform Cross-Site Scripting attacks. PoC: With a role as low as Contributor, put the following payloads in one of the Social...
Portainer Cross-Site Scripting Vulnerability
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer suffers from a cross-site scripting (XSS) vulnerability in the node input box in custom templates prior to Portainer version 2.9.1...
CVE-2021-39349
The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrar...
CVE-2021-39349
The CVE describes a Stored Cross-Site Scripting vulnerability in the WordPress Author Bio Box plugin (affected versions up to 3.3.1; PatchStack notes up to 3.4.0). The root cause is insufficient input validation and sanitization across several parameters in includes/admin/class-author-bio-box-adm...
i-Panel Administration System 2.0 Cross Site Scripting
Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...
i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...
i-Panel Administration System 2.0 - Reflected Cross-site Scripting Vulnerability
Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference: https://cybergroot.com/cvesubmission/2021-1/XSSi-Panel2.0.html ...