5946 matches found

Exploit DB
added 2014/08/26 12:0 a.m., 24 views

ntopng 1.2.0 - Cross-Site Scripting Injection

ntopng 1.2.0 XSS injection using monitored network traffic. ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...

7.4 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Mirapoint Web Mail Expression() HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20840/info Mirapoint Web Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary JavaScript in the victim's...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

Good for Enterprise 2.2.2.1611 - XSS Vulnerability

No description provided by source. The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim opens the email using the vulnerable version. Payload: body div scriptalert'XSS Here'/script /div...

4.3 CVSS, 6.5 AI score, 0.02418 EPSS
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Prometeo 1.0.65 - SQL Injection Vulnerability

No description provided by source. Prometeo vers. 1.0.65 - SQLi Vulnerability. Vulnerability ID: LD3; Product: Prometeo; Vendor: Prometeo...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 42 views

e107 1.0.1 - CSRF Resulting in Arbitrary Javascript Execution

No description provided by source. Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

6.8 CVSS, 6.6 AI score, 0.01957 EPSS
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m., 22 views

Claroline 1.10 Persistent XSS Vulnerability

No description provided by source. Software: Claroline 1.10; Vulnerability: Persistent Cross-site Scripting; Threat Level: Moderate 2/5; Download: http://www.claroline.net/...

7.1 AI score
Exploits: 0
securityvulns
added 2014/06/14 12:0 a.m., 53 views

[ MDVSA-2014:111 ] otrs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package : otrs Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...

4.3 CVSS, 8.5 AI score, 0.01466 EPSS
Exploits: 2
Packet Storm
added 2014/06/03 12:0 a.m., 51 views

F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory 2014-05-22 === FEX Frams' Fast File EXchange - Multiple Issues - - --------------------------------------------------------------------- Affected Versions ================= FEX Frams' Fast File...

4.3 CVSS, 6.2 AI score, 0.01914 EPSS
Exploits: 5
securityvulns
added 2014/05/05 12:0 a.m., 49 views

[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults

CVE-2014-0073: Apache Cordova In-App-Browser privilege escalation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 Cordova In-App-Browser iOS standalone plugin org.apache.cordova.inappbrowser...

7.5 CVSS, 3 AI score, 0.08128 EPSS
Exploits: 2
NVD
added 2014/04/15 11:13 p.m., 46 views

CVE-2014-0514

The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636...

9.3 CVSS, 8.9 AI score, 0.71996 EPSS
Exploits: 6, References: 9
Hacker One
added 2014/04/08 6:46 p.m., 26 views

Khan Academy: XSS at http://smarthistory.khanacademy.org

Hi, There is a SWF-based XSS : http://smarthistory.khanacademy.org/assets/flash/cozimo.swf?iceID=%22%29%29catch%28e%29alert%28%27XSS%27%29;// Opening the link would trigger JavaScript execution! Works in possibly any browser with Adobe Flash, i.e - Chrome, Firefox Thanks!...

0.1 AI score
Exploits: 0
Prion
added 2014/03/19 10:55 a.m., 18 views

Design/Logic Flaw

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution...

5 CVSS, 7.1 AI score, 0.03541 EPSS
Exploits: 1, References: 8, Affected Software: 7
Cvelist
added 2014/03/19 10:0 a.m., 22 views

CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution...

9.1 AI score, 0.03541 EPSS
Exploits: 1, References: 8
CVE
added 2014/03/19 10:0 a.m., 115 views

CVE-2014-1500

CVE-2014-1500 affects Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25. The issue allows remote attackers to cause resource exhaustion and application hang via onbeforeunload events that trigger background JavaScript execution. Exploitation details are not provided in the available docum...

5 CVSS, 9 AI score, 0.03541 EPSS
Exploits: 1, References: 8, Affected Software: 2
RedHat Linux
added 2014/03/18 8:34 p.m., 2 views

Mozilla: Privilege escalation using WebIDL-implemented APIs (MFSA 2014-29)

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8 CVSS, 7.3 AI score, 0.82339 EPSS
Exploits: 5, References: 5
UbuntuCve
added 2014/03/18 12:0 a.m., 23 views

CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution...

5 CVSS, 6.9 AI score, 0.03541 EPSS
Exploits: 1, References: 3
seebug.org
added 2014/03/07 12:0 a.m., 32 views

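DrinkedIn BarFinder application Security Bypass Arbitrary JavaScript Code Execution Vulnerability

CVE ID: CVE-2014-1887 DrinkedIn BarFinder application is an Android-based application. When Adobe PhoneGap 2.9.0 or earlier is used, the DrinkedIn BarFinder application has a security vulnerability that allows remote attackers who control sites such as freelifetimecheating.com and www.babesroulette.com to execute arbitrary JavaScript code and obtain geolocation information. 0 DrinkedIn BarFinder application for Android No detailed solution is currently available:...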

4.3 CVSS, 6.6 AI score, 0.01341 EPSS
Exploits: 2
OSV
added 2014/03/02 8:58 p.m., 9 views

MGASA-2014-0114 Updated otrs package fixes security vulnerability

An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed CVE-2014-1695...

4.3 CVSS, 8.5 AI score, 0.04913 EPSS
Exploits: 5, References: 4
Tenable Nessus
added 2014/02/20 12:0 a.m., 51 views

Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2119-1)

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker...

10 CVSS, 8.2 AI score, 0.07697 EPSS
Exploits: 14, References: 10
Exploit DB
added 2014/02/05 12:0 a.m., 60 views

ownCloud 6.0.0a - Multiple Vulnerabilities

Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass Vendor Homepage: www.ownCloud.org OwnCloud Version: 6.0.0a Browsers tested: Iceweasel 22.0; Internet Explorer 11; Server: Debian. Default LAMP set-up. Exploit Author: James Sibley absane Blog: http://blog.noobroot.com...

5.4 CVSS, 5.5 AI score, 0.03148 EPSS
Exploits: 6