3942 matches found
CVE-2015-5495
Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5495
The CVE concerns the Drupal Mobile sliding menu module (7.x-2.x) prior to 7.x-2.1. It describes a cross-site scripting (XSS) vulnerability that can be exploited by remote authenticated users who have the 'administer menu' permission to inject arbitrary web script or HTML via unspecified vectors. ...
OWASP ZSC Shellcoder - Generate Customized Shellcodes
OWASP ZSC is open source software written in Python which lets you generate customized shellcodes for the listed operating systems. This software can be run on Windows/Linux&Unix/OSX and other OSes under Python 2.7.x. Description: Usage of shellcodes: Shellcodes are small codes in assembly which coul...
Python IDLE 2.7.8 - Crash (PoC)
#!/usr/bin/env python Title : Python IDLE 2.7.8 - Crash Proof Of Concept Website : http://www.python.org/idle/ Tested : Windows 7 / Windows 8.1 Author : Hadi Zomorodi Monavar Email : [email protected] 1. run python code : python poc.py 2. open r3z4.txt and copy content to clipboard 3. open...
WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)
...
MicEnum - Mandatory Integrity Control Enumerator for Windows
In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines of Windows operating systems. It adds Integrity Levels (IL)-based isolation to running processes and objects...
Snorby 'menu.html.erb' HTML Injection Vulnerability
Snorby is a web application for network security monitoring, built on Ruby on Rails, the open source web application framework based on the Ruby language. An HTML injection vulnerability exists in Snorby that stems from the program failing to adequately filter user-submitted input. When a user browses...
Novius 5.0.1 - Multiple Vulnerabilities
Credits: John Page (hyp3rlinx); Domains: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt ; Vendor: community.novius-os.org; Product: novius-os.5.0.1-elche is a PHP...
Novius OS 5.0.1-elche XSS / LFI / Open Redirect
Credits: John Page (hyp3rlinx); Domains: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt ; Vendor: community.novius-os.org; Product: novius-os.5.0.1-elche is a PHP...
JIRA HTTP Dump Recorded Credential information As Text
Example steps to reproduce: Example 1: enable HTTP Access Logging and the HTTP dump log; Change Password; in the atlassian-jira-http-dump.log, the user's credential will be in the log as text. Example 2: enable HTTP Access Logging and the HTTP dump log; exit Administrations menu/logout; go to any...
The jQuery version used in JIRA needs to be updated
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-43422. Actually the jQuery version used in JIRA is still using the function jQuery.browser, which is deprecated and has been removed...
The jQuery version used in JIRA needs to be updated
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-43422. Actually the jQuery version used in JIRA is still using the function jQuery.browser, which is deprecated and has been removed sin...
Mozilla Firefox referrer policy bypass vulnerability
Mozilla Firefox is a popular open source web browser. When opening links via middle-click and context menus, Mozilla Firefox fails to properly enforce referrer policies when handling meta tags, allowing remote attackers to perform unauthorized actions bypassing security restrictions...
CVE-2015-2711
Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a UR...
UBUNTU-CVE-2015-2711
Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a UR...
Referrer policy ignored when links opened by middle-click and context menu — Mozilla
Security researcher Alex Verstak reported that is ignored when a link is opened through the context menu or a middle-click by mouse. This means that, in some situations, the referrer policy is ignored when opening links in new tabs and may cause some pages to open without an HTTP Referer header...
Fortinet FortiADC User Group Menu Cross-Site Scripting Vulnerability
Fortinet FortiADC is a load balancing service solution. A cross-site scripting vulnerability exists in Fortinet FortiADC User Group Menu Processing, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to obtain sensitive information ...
Mobile sliding menu - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-108
The mobile sliding menu module integrates the mmenu jQuery plugin for creating slick, app look-alike sliding menus for your mobile website. The module doesn't sufficiently sanitize user supplied text, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fa...