172 matches found
UBUNTU-CVE-2017-7837
SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox 57...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects CVE-2017-7832: Domain spoofing throug...
jRank Topsites 1.0 Cross Site Request Forgery / Code Injection
Meta Tags File Footer File /tbody...
Yelp: Research papers on yelp are getting indexed by google bots.
While playing around to access some private information on yelp.com i was able to get access to research papers on yelp which are not supposed disclose publically. By framing a google dork i got access to most of your documents. Google Dork: site:starbucks.com ext:doc | ext:docx | ext:odt | ext:p...
VK.com: Stored XSS в личных сообщениях
Lack of data filtration, which leads to stored XSS in instant messenger service. Stored XSS in personal messages. The vulnerability exists due to the lack of filtering data which is taken from the META tags for demonstration preview of the site...
GitLab: XSS On meta tags in profile page
The profile page https://gitlab.com/u/ does not properly sanitize quotation marks, allowing for injection of attributes into the meta tags. This allows for redirection to phishing sites and other various nefarious things. I've managed to get my profile page to redirect to Bing by setting my bio t...
Snapchat: XSS found on Snapchat website
Hi Snapchat Team, I've found a reflected XSS vulnerability on this page: https://www.snapchat.com/add/snapchat Example: https://www.snapchat.com/add/%22%3E%3Ch1%3EXSS%3C%2Fh1%3E Note: you should visit the page with a mobile user-agent since the server displays different information based on the...
CVE-2014-9363
Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
CVE-2014-9362
Cross-site scripting XSS vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a...
Cross site scripting
Cross-site scripting XSS vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a...
Open redirect
Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
CVE-2014-9363
Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
CVE-2014-9362
Cross-site scripting XSS vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a...
CVE-2014-9363
Open redirect vulnerability CVE-2014-9363 affects Drupal Meta tags quick module (7.x-2.x) prior to 7.x-2.8. The issue allows remote authenticated users to redirect others to arbitrary sites via the destination parameter in the path-based meta tag editing form. Impact is described as enabling phis...
CVE-2014-9362
CVE-2014-9362 : A cross-site scripting (XSS) vulnerability in the Drupal contributed module Meta tags quick (7.x-2.x) up to version 7.x-2.7 (not affecting Drupal core) allows remote authenticated users who have the Edit path based meta tags permission to inject arbitrary HTML/JS via the path-base...
SA-CONTRIB-2014-067 - Meta Tags Quick - Multiple vulnerabilities
Meta tags quick adds meta tags editing to all non-administrative pages of Drupal site. Redirector abuse in path-based meta tag editing form When editing a path-based meta tag, module does not check destination parameter of the URL, allowing attacker to pass arbitrary URL to meta tag editing form...
fresh email script 1.0 - Multiple Vulnerabilities
No description provided by source. 1. +-----------------+-----------------+-----------------+ 2. +-----------------+Fresh Email Script+----------------+ 3. +-----------------versions: 1.0 to 1.11 - all 4. +-----------------exploits: file inclusion & cookie manipulation 5. +-----------------founde...
global_redirect
This plugin finds global redirection vulnerabilities. This kind of bugs are used for phishing and other identity theft attacks. A common example of a global redirection would be a script that takes a "url" parameter and when requesting this page, a HTTP 302 message with the location header to the...
meta_tags
This plugin greps every page for interesting meta tags. Some interesting meta tags are the ones that contain : microsoft, visual, linux . Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres...
CVE-2012-5654
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the 1 description,...