Java.com Cross Site Scripting

Exploit Title: Java.com RXSS and DOM-XSS Date: 01/04/2015 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.java.com Version: / Category: Reflected Cross Site Scripting and DOM based XSS Google dork: Tested on: Java.com main domain Java description :...

X2Engine < 3.7.4 Multiple Vulnerabilities

According to its version number, the X2Engine application installed on the remote web server is prior to version 3.7.4. It is, therefore, potentially affected by multiple vulnerabilities : - Multiple SQL injection vulnerabilities exist in the 'lastEventId' and 'lastTimestamp' HTTP GET parameters ...

██████: DOM based XSS on *.██████.com via document.domain sink in Safari

█████████████████████████████████...

Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting

Advisory ID: HTB23245 Product: Microsoft Dynamics CRM 2013 SP1 Vendor: Microsoft Corporation Vulnerable Versions: 6.1.1.132 DB 6.1.1.132 and probably prior Tested Version: 6.1.1.132 DB 6.1.1.132 Advisory Publication: December 29, 2014 without technical details Vendor Notification: December 29, 20...

Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting Vulnerability

Microsoft Dynamics CRM 2013 SP1 suffers from self-inflicted cross site scripting vulnerability. Product: Microsoft Dynamics CRM 2013 SP1 Vendor: Microsoft Corporation Vulnerable Versions: 6.1.1.132 DB 6.1.1.132 and probably prior Tested Version: 6.1.1.132 DB 6.1.1.132 Advisory Publication: Decemb...

Self-XSS in Microsoft Dynamics CRM 2013 SP1

High-Tech Bridge Security Research Lab discovered a DOM-based self-XSS vulnerability in Microsoft Dynamics CRM 2013 SP1, which can be exploited to perform Cross-Site Scripting attacks against authenticated users. The vulnerability exists due to insufficient filtration of user-supplied input passe...

Mail.ru: /surveys/2auth: DOM-based XSS

document.write''; в него попадаем, когда кука swalang=en для меня Firefox URL-encode-ит location, увы на IE должно прокатить при кейсе BlackFan-а когда другой сайт выдает location GET /surveys/2auth?a='"%20content="40"/%20alert123;!-- HTTP/1.1 Host: help.mail.ru User-Agent: Mozilla/5.0 Macintosh;...

Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal

Cisco Adaptive Security Appliance ASA devices configured for WebVPN contain a DOM-based cross-site scripting vulnerability XSS within the Portal Login page. An unauthenticated, remote attacker who can convince a user to take a malicious action, could perform a XSS attack on the user. The...

CVE-2014-5391 DOM-based Cross-Site Scripting &#40;XSS&#41; in &quot;JobScheduler&quot;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5391 =================== "DOM-based Cross-Site Scripting XSS" CWE-79 vulnerability in "JobScheduler" product Vendor =================== Software- & Organisations-Service GmbH Product =================== "JobScheduler is a workload automation...

[ MDVSA-2014:183 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:183 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerability: In...

Fedora 20 : phpMyAdmin-4.2.8.1-2.fc20 (2014-10981)

phpMyAdmin 4.2.8.1 2014-09-13 =============================== - security DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:183)

Updated phpmyadmin package fixes security vulnerability : In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1150-1)

phpMyAdmin was updated to 4.1.14.4 2014-09-13 fixing bugs and security issues. - PMASA-2014-10 CVE-2014-6300, CWE-661 CWE-352 http://www.phpmyadmin.net/homepage/security/PMASA-2014- 10.php A DOM based XSS was fixed that resulted to a CSRF that creates a ROOT account in certain conditions...

Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking

Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows 7 Version : 3.3.3 Description: Get Simple CMS v 3.3.3 is susceptible to multiple vulnerabilities such as CSRF, Click-jacking, DOM base...

Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking Vulnerabilities

Get Simple CMS version 3.3.3 suffers from cross site request forgery, clickjacking, and various cross site scripting vulnerabilities. Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows ...

Fedora 21 : phpMyAdmin-4.2.8.1-2.fc21 (2014-10885)

phpMyAdmin 4.2.8.1 2014-09-13 =============================== - security DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

Updated phpmyadmin package fix CVE-2014-6300

Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history featu...

MGASA-2014-0383 Updated phpmyadmin package fix CVE-2014-6300

Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history featu...

phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.3, 4.1.x prior to 4.1.14.4, or 4.2.x prior to 4.2.8.1. It is, therefore, affected by an input-validation error related to the 'micro history' feature that could allow...

FreeBSD : phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature (cc627e6c-3b89-11e4-b629-6805ca0b3d42)

The phpMyAdmin development team reports : XSRF/CSRF due to DOM based XSS in the micro history feature. By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micr...