5074 matches found
WordPress EWWW Image Optimizer Cloud Plugin <= 2.0.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
PhpOnlineChat 3.0 - Cross-Site Scripting
PhpOnlineChat 3.0 - Cross-Site Scripting Exploit Title: phponlinechat xss Date: 5/9/2014 Exploit Author: N0 Feel Vendor Homepage: http://phponlinechat.com/phpchat Software Link: http://phponlinechat.com/chat-free-download.php Version: 3.0 Tested on: win7 php online chat suffer from xss in user...
Firefox WebIDL Privileged Javascript Injection
This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...
Firefox toString console.time Privileged Javascript Injection Exploit
This Metasploit module gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges. This module requires Metasploit: http//metasploit.com/download Current...
WordPress ClickDesk Plugin <= 3.8.1 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Movable Type Pro 5.13en Stored XSS Vulnerability
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure...
Palm Pre WebOS <= 1.1 - Remote File Access Vulnerability
No description provided by source. I. Description The Palm Pre WebOS =1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device. Palm has patched this vulnerability and all users are recommended to upgrade to WebOS version 1.2+. Palm...
XT:Commerce < 3.04 SP2.1 XSS Vulnerability
No description provided by source. ---------------------------------------------------------------------------------- Cross-Site-Scripting XT:Commerce 3.04 SP2.1 ---------------------------------------------------------------------------------- Affected Software .: XT:Commerce 3.04 SP2.1 Venedor...
SHOUTcast DNAS 2.2.1 - Stored XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history other version may be also affected Date: 2014-06-11 Exploit Author: robercik101 Vendor Homepage: http://www.shoutcast.com/ ?t=373139 Software Link:...
ORACLE Subdomain Page Defaced by Indian Hacker
A group of Indian Hackers dubbed as I-HOS TEAM has successfully defaced a page on the sub domain of Oracle Corporation, biggest provider of enterprise software, computer hardware and Services. The users visiting the domain are being greeted with a custom webpage with black background and the them...
Feedly Android App Javascript Injection vulnerability exposes Millions of Users to Hackers
When it comes to Android apps, even the simplest app could greatly compromise your privacy and security. Injecting malicious JavaScript into Android applications has drawn an increased attention from the hacking community as its market share spikes. According to security researcher Jeremy S. from...
Firefox Plugin Finder Javascript Injection - Ver2 (CVE-2005-0752)
A code execution vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Telligent Evolution 7.5.0.32466 Cross Site Scripting
Vulnerability title: Cross-site Scripting in Telligent Evolution CVE: CVE-2014-1223 Vendor: Telligent Product: Evolution Affected version: 7.5.0.32466 Fixed version: 7.6.7.36651 Reported by: Jerzy Kramarz Details: It is possible for an attacker to inject JavaScript by manipulating the 'msg'...
jsict /MockLogin.aspx 后门漏洞
No description provided by source...
Automated NoSQL Database Injection Attacks: NoSQLMap
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...
DEBIAN-CVE-2014-1869
Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...
PT-2014-90: Cross-Site Scripting in ShopOS
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the account.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How ...
Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)
Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...
MGASA-2013-0368 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...