4380 matches found
██████: DOM based XSS on *.██████.com via document.domain sink in Safari
Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting Vulnerability
Microsoft Dynamics CRM 2013 SP1 suffers from self-inflicted cross site scripting vulnerability. Product: Microsoft Dynamics CRM 2013 SP1 Vendor: Microsoft Corporation Vulnerable Versions: 6.1.1.132 DB 6.1.1.132 and probably prior Tested Version: 6.1.1.132 DB 6.1.1.132 Advisory Publication: Decemb...
Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting
Advisory ID: HTB23245 Product: Microsoft Dynamics CRM 2013 SP1 Vendor: Microsoft Corporation Vulnerable Versions: 6.1.1.132 DB 6.1.1.132 and probably prior Tested Version: 6.1.1.132 DB 6.1.1.132 Advisory Publication: December 29, 2014 without technical details Vendor Notification: December 29, 20...
Self-XSS in Microsoft Dynamics CRM 2013 SP1
High-Tech Bridge Security Research Lab discovered a DOM-based self-XSS vulnerability in Microsoft Dynamics CRM 2013 SP1, which can be exploited to perform Cross-Site Scripting attacks against authenticated users. The vulnerability exists due to insufficient filtration of user-supplied input passe...
Mail.ru: /surveys/2auth: DOM-based XSS
document.write''; we reach it when the cookie swalang=en is set. For me, Firefox URL-encodes location, alas; on IE it should work, in BlackFan's case where another site issues the location GET /surveys/2auth?a='"%20content="40"/%20alert123;!-- HTTP/1.1 Host: help.mail.ru User-Agent: Mozilla/5.0 Macintosh;...
Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal
Cisco Adaptive Security Appliance (ASA) devices configured for WebVPN contain a DOM-based cross-site scripting (XSS) vulnerability within the Portal Login page. An unauthenticated, remote attacker who can convince a user to take a malicious action could perform an XSS attack on the user. The...
CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler"
CVE-2014-5391: "DOM-based Cross-Site Scripting (XSS)" CWE-79 vulnerability in "JobScheduler" product. Vendor: Software- & Organisations-Service GmbH. Product: "JobScheduler is a workload automation...
[ MDVSA-2014:183 ] phpmyadmin
Mandriva Linux Security Advisory MDVSA-2014:183 http://www.mandriva.com/en/support/security/ Package: phpmyadmin Date: September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerability: In...
Fedora 20 : phpMyAdmin-4.2.8.1-2.fc20 (2014-10981)
phpMyAdmin 4.2.8.1 (2014-09-13) - security DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:183)
Updated phpmyadmin package fixes security vulnerability : In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature...
Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking Vulnerabilities
Get Simple CMS version 3.3.3 suffers from cross site request forgery, clickjacking, and various cross site scripting vulnerabilities. Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows ...
Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking
Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows 7 Version : 3.3.3 Description: Get Simple CMS v 3.3.3 is susceptible to multiple vulnerabilities such as CSRF, Click-jacking, DOM base...
Fedora 21 : phpMyAdmin-4.2.8.1-2.fc21 (2014-10885)
phpMyAdmin 4.2.8.1 (2014-09-13) - security DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1150-1)
phpMyAdmin was updated to 4.1.14.4 (2014-09-13), fixing bugs and security issues. - PMASA-2014-10 CVE-2014-6300, CWE-661 CWE-352 http://www.phpmyadmin.net/homepage/security/PMASA-2014-10.php A DOM based XSS was fixed that resulted to a CSRF that creates a ROOT account in certain conditions...
MGASA-2014-0383 Updated phpmyadmin package fix CVE-2014-6300
Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history featu...
Updated phpmyadmin package fix CVE-2014-6300
Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history featu...
phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.3, 4.1.x prior to 4.1.14.4, or 4.2.x prior to 4.2.8.1. It is, therefore, affected by an input-validation error related to the 'micro history' feature that could allow...
FreeBSD : phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature (cc627e6c-3b89-11e4-b629-6805ca0b3d42)
The phpMyAdmin development team reports : XSRF/CSRF due to DOM based XSS in the micro history feature. By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micr...
XSRF/CSRF due to DOM based XSS in the micro history feature
PMASA-2014-10 Announcement-ID: PMASA-2014-10 Date: 2014-09-13 Summary XSRF/CSRF due to DOM based XSS in the micro history feature Description By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a...
phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature
The phpMyAdmin development team reports: XSRF/CSRF due to DOM based XSS in the micro history feature. By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro...