
3707 matches found

NVD
added 2017/07/19 12:29 p.m. | 18 views

CVE-2017-9764

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action...

6.1 CVSS | 6.1 AI score | 0.00223 EPSS
Exploits 1 | References 1

Prion
added 2017/07/19 12:29 p.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action...

4.3 CVSS | 6.1 AI score | 0.00223 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2017/07/19 12:0 p.m. | 23 views

CVE-2017-9764

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action...

6.1 AI score | 0.00223 EPSS
Exploits 1 | References 1

CVE
added 2017/07/19 12:0 p.m. | 48 views

CVE-2017-9764

MetInfo CMS 5.3.17 contains a cross-site scripting (XSS) vulnerability where an attacker can inject arbitrary web script or HTML by sending crafted Client-IP or X-Forwarded-For HTTP headers to /include/stat/stat.php with a para action. Multiple connected sources (CNVD-2017-25435, CVE/NVD entries)...

6.1 CVSS | 6 AI score | 0.00223 EPSS
Exploits 1 | References 1 | Affected Software 1

NVD
added 2017/07/17 1:18 p.m. | 16 views

CVE-2017-1000059

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users...

6.1 CVSS | 6.2 AI score | 0.00341 EPSS
Exploits 0 | References 1

OSV
added 2017/07/17 1:18 p.m. | 10 views

CVE-2017-1000059

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users...

6.1 CVSS | 6.6 AI score
Exploits 0 | References 1

Prion
added 2017/07/17 1:18 p.m. | 16 views

Cross site scripting

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users...

4.3 CVSS | 6.1 AI score | 0.00341 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2017/07/13 8:0 p.m. | 22 views

CVE-2017-1000059

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users...

6.2 AI score | 0.00341 EPSS
Exploits 0 | References 1

Packet Storm
added 2017/07/12 12:0 a.m. | 30 views

RaidenHTTPD 2.0.44 User-Agent Cross Site Scripting

Exploit Title: RaidenHTTPD 2.0.44 - User-Agent - HTML Injection & Cross-site scripting Exploit Author: sultan albalawi :@bofheaded :https://hackinguyz.blogspot.com/ exploit User-Agent HTTP header : For remote testing use http-live -There is no need to use the script alertdocument.cookiewxo3i...

7.4 AI score
Exploits 0

Packet Storm
added 2017/07/04 12:0 a.m. | 34 views

Yaws 2.0 Cross Site Scripting

Exploit Title: Yaws 2.0 server - Cross-Site Scripting Exploit Author: sultan albalawi :@bofheaded :https://hackinguyz.blogspot.com/ ............................. D0rk= inurl:/arg.yaws path: http://site/arg.yaws http heders User-Agent | | | v Host: http://site/ User-Agent: Mozilla/5.0 Windows NT...

0.1 AI score
Exploits 0

Hacker One
added 2017/06/30 11:51 a.m. | 44 views

WakaTime: Unsafe Inline and Eval CSP Usage

Hi Team, The HTTP header of the wakatime.com website includes an unsafe CSP parameter for "script-src". Impact: However, the "script-src" parameter is set to "unsafe-inline" or "unsafe-eval", which allows injection of user passed values, which in result can be misused for Cross-Site Scripting...

0.1 AI score
Exploits 0

Debian
added 2017/06/21 7:39 p.m. | 13 views

[SECURITY] [DSA 3890-1] spip security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3890-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2017 https://www.debian.org/security/faq -...

9.8 CVSS | 9.7 AI score | 0.03581 EPSS
Exploits 0

Gentoo Linux
added 2017/06/20 12:0 a.m. | 36 views

GNU Wget: Header injection

Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description It was discovered that there was a header injection vulnerability in GNU Wget which allowed remote attackers to inject arbitrary HTTP headers via CRL...

6.1 CVSS | 7.2 AI score | 0.00198 EPSS
Exploits 1

Prion
added 2017/06/06 6:29 p.m. | 13 views

Design/Logic Flaw

The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes...

4.3 CVSS | 7.1 AI score | 0.01082 EPSS
Exploits 1 | References 5 | Affected Software 1

NVD
added 2017/06/06 6:29 p.m. | 17 views

CVE-2016-5004

The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes...

6.5 CVSS | 6.8 AI score | 0.01082 EPSS
Exploits 1 | References 5

CVE
added 2017/06/06 6:0 p.m. | 69 views

CVE-2016-5004

CVE-2016-5004 : The vulnerability is in the Content-Encoding header handling in ws-xmlrpc 3.1.3 as used in Apache Archiva, allowing remote attackers to cause a denial of service via decompressing a large file containing zeroes. Documented details confirm the affected component and the impact on a...

6.5 CVSS | 6.2 AI score | 0.01082 EPSS
Exploits 1 | References 5 | Affected Software 1

0day.today
added 2017/05/31 12:0 a.m. | 56 views

OV3 Online Administration 3.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a...

7.1 AI score
Exploits 0

Hacker One
added 2017/05/24 6:20 p.m. | 22 views

Gratipay: Gratipay Website CSP "script-scr" includes "unsafe-inline"

Summary: ======== The HTTP header of the gratipay.com website includes an unsafe CSP parameter for "script-src". Description: ========== has a Content-Security-Policy configured the "script-src" parameter is set to "unsafe-inline", which allows injection of user passed values, which in result can...

6.7 AI score
Exploits 0

CNVD
added 2017/05/18 12:0 a.m. | 2 views

McAfee Network Data Loss Prevention Information Disclosure Vulnerability (CNVD-2017-07551)

McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention NDLP suffers from an information disclosure vulnerability in the server implementation, which can be exploited by remote attackers to view product information via the HTTP response heade...

5.3 CVSS | 6.4 AI score | 0.0023 EPSS
Exploits 0 | References 1

OpenVAS
added 2017/05/08 12:0 a.m. | 239 views

WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability - Windows

WordPress is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

5.9 CVSS | 6.2 AI score | 0.784 EPSS
Exploits 7 | References 4