4978 matches found
SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20141015-0 ======================================================================= title: Potential Cross-Site Scripting product: ADF Faces vulnerable version: 12.1.2.0 fixed version: versions with CPU...
MGASA-2014-0400 Updated mediawiki packages fix security vulnerbilities
Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files CVE-2014-7199. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specific...
CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway
Vulnerability Title: DoS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7278 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko Casadei Disclosur...
ZyXEL SBG-3300 Security Gateway Denial Of Service
Vulnerability Title: DoS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7278 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko Casadei Disclosur...
WordPress EWWW Image Optimizer Cloud Plugin <= 2.0.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
PhpOnlineChat 3.0 - Cross-Site Scripting
PhpOnlineChat 3.0 - Cross-Site Scripting Exploit Title: phponlinechat xss Date: 5/9/2014 Exploit Author: N0 Feel Vendor Homepage: http://phponlinechat.com/phpchat Software Link: http://phponlinechat.com/chat-free-download.php Version: 3.0 Tested on: win7 php online chat suffer from xss in user...
Firefox WebIDL Privileged Javascript Injection
This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...
Firefox toString console.time Privileged Javascript Injection Exploit
This Metasploit module gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges. This module requires Metasploit: http//metasploit.com/download Current...
WordPress ClickDesk Plugin <= 3.8.1 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Movable Type Pro 5.13en Stored XSS Vulnerability
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure...
Palm Pre WebOS <= 1.1 - Remote File Access Vulnerability
No description provided by source. I. Description The Palm Pre WebOS =1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device. Palm has patched this vulnerability and all users are recommended to upgrade to WebOS version 1.2+. Palm...
XT:Commerce < 3.04 SP2.1 XSS Vulnerability
No description provided by source. ---------------------------------------------------------------------------------- Cross-Site-Scripting XT:Commerce 3.04 SP2.1 ---------------------------------------------------------------------------------- Affected Software .: XT:Commerce 3.04 SP2.1 Venedor...
SHOUTcast DNAS 2.2.1 - Stored XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history other version may be also affected Date: 2014-06-11 Exploit Author: robercik101 Vendor Homepage: http://www.shoutcast.com/ ?t=373139 Software Link:...
ORACLE Subdomain Page Defaced by Indian Hacker
A group of Indian Hackers dubbed as I-HOS TEAM has successfully defaced a page on the sub domain of Oracle Corporation, biggest provider of enterprise software, computer hardware and Services. The users visiting the domain are being greeted with a custom webpage with black background and the them...
Feedly Android App Javascript Injection vulnerability exposes Millions of Users to Hackers
When it comes to Android apps, even the simplest app could greatly compromise your privacy and security. Injecting malicious JavaScript into Android applications has drawn an increased attention from the hacking community as its market share spikes. According to security researcher Jeremy S. from...
Firefox Plugin Finder Javascript Injection - Ver2 (CVE-2005-0752)
A code execution vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Telligent Evolution 7.5.0.32466 Cross Site Scripting
Vulnerability title: Cross-site Scripting in Telligent Evolution CVE: CVE-2014-1223 Vendor: Telligent Product: Evolution Affected version: 7.5.0.32466 Fixed version: 7.6.7.36651 Reported by: Jerzy Kramarz Details: It is possible for an attacker to inject JavaScript by manipulating the 'msg'...
jsict /MockLogin.aspx 后门漏洞
No description provided by source...
Automated NoSQL Database Injection Attacks: NoSQLMap
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...
DEBIAN-CVE-2014-1869
Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...