4978 matches found
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-08265)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
IBM Security Privileged Identity Manager Virtual Appliance Cross-Site Scripting Vulnerability
IBM Security Privileged Identity Manager is an identity management product within the IBM Identity Governance and Management solution that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security. IBM Security Privileged Identity...
WiFi-Pumpkin v0.8.1 - Framework for Rogue Wi-Fi Access Point Attack
Framework for Rogue Wi-Fi Access Point Attack Description WiFi-Pumpkin is an open source security tool that provides a rogue access point for Man-In-The-Middle and network attacks. Installation Kali 2.0/WifiSlax 4.11.1/Parrot 3.0.1/2.0.5 Python 2.7 git clone...
Multiple stored cross-site scripting vulnerabilities in PHPCMS
PHPCMS is an open source website management software. PHPCMS V9 (V9 for short) uses PHP5+MYSQL as the technical basis for development. The latest version of PHPCMS has multiple stored cross-site scripting vulnerabilities that can be exploited by attackers to inject arbitrary JavaScript code into the...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06697)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06650)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06647)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06537)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
Cygnus Ease Mail Client - Address Book Cross-Site Scripting Vulnerability
Cygnus EaseMail Client is a professional e-mail client software for sending, receiving and managing e-mails, supporting the import of certificates and encrypted sending. The Cygnus Mail client has a cross-site scripting vulnerability that allows an attacker to insert malicious JS code in...
Adobe Brackets Cross-site Scripting and Unspecified Vulnerabilities - Mac OS X
Adobe Brackets is prone to cross-site scripting and an unspecified vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Brackets Cross-site Scripting and Unspecified Vulnerabilities - Windows
Adobe Brackets is prone to cross-site scripting and an unspecified vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
APSB16-20 Security update available for Adobe Brackets
Adobe has released a security update for Adobe Brackets for Windows, Macintosh and Linux. This update resolves a JavaScript injection vulnerability (CVE-2016-4164) and a vulnerability in the extension manager (CVE-2016-4165). Adobe recommends users update their product installation using the...
Zendesk: XSS in zendesk.com/product/
Vulnerable URLs: https://www.zendesk.com/product/tour/, https://www.zendesk.com/product/pricing/ or just https://www.zendesk.com/product/. The vulnerable parameter is cvosid1, used in live.js to call convertro code without sanitizing. This leads to generating a malformed JavaScript answer with XSS...
drchrono: Template stored XSS
The template field names are not escaped properly, which gives an opportunity to inject HTML tags with JavaScript there. 1. Log into your account 2. Open the template builder https://%yourdomain%.drchrono.com/clinical/advancedformbuilder 3. Create a new template with a field called 4. Save the...
Reflective XSS Vulnerability in EasyCMS Enterprise Marketing Management System Administration Backend
EasyCMS is a web content management system based on a PHP+MySQL architecture. A reflective XSS vulnerability exists in the administration backend of the EasyCMS enterprise marketing management system, which can be exploited by an attacker to submit data with JS code on the personal information page...
Uber: Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin
newsroom.uber.com uses a WordPress plugin called Stream to log user activity. In some cases the logged events aren't sanitized properly and can contain HTML tags and JavaScript. An unauthenticated user can produce such a log message to inject JavaScript in the admin panel. When an administrator...
Cross-site Scripting Vulnerability in WPSMAIL Email Client
WPS Mail is a mail sending and receiving software developed by Kingsoft Group. There is a cross-site scripting vulnerability in the WPSMAIL email client, where js code is added to the content of sent emails, which triggers a cross-site attack when receiving emails...
FreeBSD : xymon-server -- multiple vulnerabilities (1cecd5e0-c372-11e5-96d6-14dae9d210b8)
J.C. Cleaver reports: - CVE-2016-2054: Buffer overflow in xymond handling of 'config' command - CVE-2016-2055: Access to possibly confidential files in the Xymon configuration directory - CVE-2016-2056: Shell command injection in the 'useradm' and 'chpasswd' web applications - CVE-2016-2057:...
xymon-server -- multiple vulnerabilities
J.C. Cleaver reports: CVE-2016-2054: Buffer overflow in xymond handling of "config" command; CVE-2016-2055: Access to possibly confidential files in the Xymon configuration directory; CVE-2016-2056: Shell command injection in the "useradm" and "chpasswd" web applications; CVE-2016-2057: Incorrect...
phpDolphin 2.0.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Exploit Title: phpDolphin http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF (Cross-site Request Forgery), which made it possible to do any kind of act on a user or admin account. NO FORMS are...