88 matches found
WordPress Easy Testimonials plugin cross-site scripting vulnerability (CNVD-2020-52690)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Easy Testimonials is a sidebar testimonials button plugin used in it. A cross-site scripting vulnerability exists in WordPress Easy...
CVE-2020-7997
ASUS WRT-AC66U 3 RT 3.0.0.4.37267 devices allow XSS via the Client Name field to the Parental Control feature...
CVE-2020-7997
ASUS WRT-AC66U 3 RT 3.0.0.4.37267 devices allow XSS via the Client Name field to the Parental Control feature...
Design/Logic Flaw
ASUS WRT-AC66U 3 RT 3.0.0.4.37267 devices allow XSS via the Client Name field to the Parental Control feature...
CVE-2020-7997
ASUS WRT-AC66U devices (3 RT 3.0.0.4.372_67) are vulnerable to cross-site scripting via the Client Name field in the Parental Control feature. The CNVD-2020-04914 entry describes a lack of proper validation of client-side data by the WEB application, enabling XSS. Exploitation details are not pro...
ASUS WRT-AC66U 3.x Cross Site Scripting
Document Title: =============== ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1993 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID VL-ID: ====================================...
ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability
Document Title: =============== ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1993 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID VL-ID: ====================================...
ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability
Document Title: =============== ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1993 Release Date: ============= 2018-06-26 Vulnerability Laboratory ID VL-ID: ====================================...
DEBIAN-CVE-2017-17439
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...
ALPINE-CVE-2017-17439
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...
StoreFront 3.7 and Above - XenDesktop access policy rules cannot be applied on Endpoint
After implementing the steps mentioned in https://www.citrix.com/blogs/2015/07/01/rewriting-the-session-clientname-from-storefront/ , XenDesktop access policy rules cannot be applied on client name as the client host name comes up as WRXXXXX when using Receiver for web . The client name can only ...
impress-remote-discover NSE Script
Tests for the presence of the LibreOffice Impress Remote server. Checks if a PIN is valid if provided and will bruteforce the PIN if requested. When a remote first contacts Impress and sends a client name and PIN, the user must open the "Slide Show - Impress Remote" menu and enter the matching PI...
SAP Afaria - Stored XSS
Application: SAP Afaria 7 Vendor URL: http://www.sap.com Bugs: XSS Reported: 18.02.2015 Vendor response: 18.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152669 Authors: Dmitry Chastukhin ERPScan Vulnerability information Class: XML External Entity CWE-79 Impact: Store...
CVE-2014-2021
Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...
CVE-2014-5343
Cross-site scripting XSS vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field...
CVE-2014-5343
Cross-site scripting XSS vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field...
Perforce P4web 2011/2012 Web Client XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Perforce P4web 2011/2012 Web Client XSS Vulnerability Date: 21 Jan 2013 Researcher: Christy Philip Mathew Email: email protected Vendor or Software Link: http://filehost.perforce.com/perforce/r11.1/bin.ntx86/p4webinst.exe...
SC DHCP 4.1.2 Denial Of Service
Exploit for windows platform in category dos / poc !/usr/bin/python ''' SC DHCP 4.1.2 4.2.4 and 4.1-ESV 4.1-ESV-R6 remote denial of serviceinfinite loop and CPU consumption/chew via zero'ed client name length http://www.k1p0d.com ''' import socket import getopt from sys import argv def main: args...
DEBIAN-CVE-2009-3369
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then...
CVE-2007-5902
Integer overflow in the svcauthgssgetprincipal function in lib/rpc/svcauthgss.c in MIT Kerberos 5 krb5 allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request...