3943 matches found

Cvelist
added 2018/08/05 1:00 a.m. · 12 views

CVE-2018-14937

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field...

4.9 AI score · 0.00907 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2018/08/05 12:00 a.m. · 3 views

PT-2018-12812 · My Little Forum · My Little Forum

Name of the Vulnerable Software and Affected Versions: my little forum version 2.4.12
Description: The issue allows for XSS via the Menu Link field in the Add page option.
Recommendations: For my little forum version 2.4.12, consider restricting access to the Add page option until a fix is...

4.8 CVSS · 4.8 AI score · 0.00907 EPSS
Exploits: 1 · References: 3

Openbugbounty
added 2018/08/03 3:29 p.m. · 17 views

keystonesymposia.org XSS vulnerability

Open Bug Bounty ID: OBB-657954
Affected Website: keystonesymposia.org
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0

Citrix
added 2018/07/24 12:00 a.m. · 6 views

Citrix Receiver 4.9 LTSR - Self service mode set to false, desktop icons constantly flashing

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Installed Citrix Receiver 4.9 LTSR on some of the test VDAs published desktops and ever since...

7.1 AI score
Exploits: 0

CNVD
added 2018/06/28 12:00 a.m. · 2 views

Octopus Deploy Design Vulnerability

Octopus Deploy is an automation tool for the development and deployment of .NET, Java and other applications from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy versions prior to 3.0. An attacker could exploit the vulnerability to create accounts under the...

6.5 CVSS · 6.5 AI score · 0.0079 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2018/06/28 12:00 a.m. · 39 views

Microsoft Windows: Turn off toast notifications on the lock screen

This test checks the setting for policy OpenVAS Vulnerability Test $Id: wintoastlockscreen.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Turn off toast notifications on the lock screen users listed in HKU Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3 AI score
Exploits: 0

NVD
added 2018/06/25 6:29 p.m. · 15 views

CVE-2018-11588

Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php...

5.4 CVSS · 5.5 AI score · 0.01112 EPSS
Exploits: 0 · References: 4

OSV
added 2018/06/11 9:29 p.m. · 1 views

CVE-2016-9076

An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox 50...

5.9 CVSS · 6.8 AI score · 0.01798 EPSS
Exploits: 0 · References: 4

Cvelist
added 2018/06/11 9:00 p.m. · 22 views

CVE-2016-9076

An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox 50...

6.5 AI score · 0.01798 EPSS
Exploits: 0 · References: 4

Debian CVE
added 2018/06/11 9:00 p.m. · 38 views

CVE-2016-9076

An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox 50...

5.9 CVSS · 7.8 AI score · 0.01798 EPSS
Exploits: 0

Prion
added 2018/05/28 1:29 p.m. · 12 views

Cross site scripting

Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...

3.5 CVSS · 4.7 AI score · 0.02178 EPSS
Exploits: 5 · References: 3 · Affected Software: 1

NVD
added 2018/05/28 1:29 p.m. · 24 views

CVE-2018-11512

Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...

4.8 CVSS · 4.8 AI score · 0.02178 EPSS
Exploits: 5 · References: 3

Packet Storm
added 2018/05/28 12:00 a.m. · 46 views

wityCMS 0.6.1 Cross Site Scripting

Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field
Date: 05/28/2018
Exploit Author: Nathu Nandwani
Website: http://nandtech.co/
Vendor Homepage: https://creatiwity.net/witycms
Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1
Version: 0.6.1
Tested on:...

0.02178 EPSS
Exploits: 5

Exploit DB
added 2018/05/28 12:00 a.m. · 45 views

wityCMS 0.6.1 - Cross-Site Scripting

Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field
Date: 05/28/2018
Exploit Author: Nathu Nandwani
Website: http://nandtech.co/
Vendor Homepage: https://creatiwity.net/witycms
Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1
Version: 0.6.1
Tested on:...

4.8 CVSS · 5.1 AI score · 0.02178 EPSS
Exploits: 5

Fedora
added 2018/05/25 2:57 p.m. · 25 views

[SECURITY] Fedora 26 Update: xdg-utils-1.1.3-1.fc26

The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of de facto standards. This means that: Third party software developers can rely on these xdg-utils for all of their simple...

8.8 CVSS · 1.3 AI score · 0.02472 EPSS
Exploits: 0

Kitploit
added 2018/05/20 10:45 p.m. · 41 views

Dnsmorph - Domain Name Permutation Engine Written In Go

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...

7.4 AI score
Exploits: 0 · References: 4

CNVD
added 2018/05/15 12:00 a.m. · 5 views

PrestaShop Responsive Mega Menu Pro Module SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. Attribute Wizard addon is one of the product attribute add-on modules. Responsive Mega Menu...

9.8 CVSS · 8.1 AI score · 0.01412 EPSS
Exploits: 1 · References: 1

Zero Day Initiative
added 2018/05/14 12:00 a.m. · 31 views

Microsoft Windows win32k Menu Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

7.2 CVSS · 3.1 AI score · 0.01154 EPSS
Exploits: 0 · References: 1

CNVD
added 2018/05/14 12:00 a.m. · 1 views

phpIPAM cross-site scripting vulnerability (CNVD-2018-09472)

phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A cross-site scripting vulnerability exists in the app/sections/user-menu.php file in versions prior to phpIPAM 1.3.1. A remote attacker can exploit this vulnerability to inject arbitrary code or denial of...

5.4 CVSS · 6.7 AI score · 0.00697 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2018/05/10 3:29 a.m. · 3 views

CVE-2018-8824

modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter...

9.8 CVSS · 6.2 AI score · 0.01412 EPSS
Exploits: 1 · References: 2