X (Formerly Twitter): [dev.twitter.com] XSS and Open Redirect
Description: XSS via Request-URI which requires user interaction. The vulnerability is caused by the difference in the Request-URI processing in the Location header and in the link on the page. By creating an incorrect port in the link on the Location header, you can block the redirection for...
Critical Security Fixes from Adobe, Microsoft
Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it's time once again to get your patche...
CVE-2017-10182
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: OPERA Export Functionality. Supported versions that are affected are 5.4.0.x, 5.4.1.x and 5.4.3.x. Difficult to exploit vulnerability allows high privileged attacker with...
Buffer overflow
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: OPERA Export Functionality. Supported versions that are affected are 5.4.0.x, 5.4.1.x and 5.4.3.x. Difficult to exploit vulnerability allows high privileged attacker with...
CVE-2017-10182
The CVE-2017-10182 issue affects Oracle Hospitality OPERA 5 Property Services, specifically the OPERA Export Functionality subcomponent. Affected versions are 5.4.0.x, 5.4.1.x and 5.4.3.x. The vulnerability could be exploited by a high-privilege attacker with network access via HTTP to gain unaut...
Mail.ru: Gain access to random information via group chat "about" property
Vulnerability based on unfiltered size of data in the "about" field. When the length of the data stored in the "about" field is more than 2^16 (for example, the payload is 65537"A"), the server will return the payload with an additional suffix containing random information. The size of the suffix increases with the size of the payload...
viettelappsclub.opera.com XSS vulnerability
Vulnerable URL: http://viettelappsclub.opera.com/store?categoryId=3"=See all Details: Patched: Yes, at 30.08.2017; Latest check for patch: 30.08.2017 07:00 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP...
Concrete CMS: Stored XSS vulnerability in RSS Feeds Description field
Intro "Pirates of the Crayons" Type of issue: Core CMS issue Level of severity: Internal Attack Vector Concrete5 version: 8.2.0 RC2 rev. b54f2b451f0a0804699c4cf9f0b3a8fef0e407db July 10th Summary There is a Stored XSS vulnerability in the RSS Feeds Description property. Value of the textarea is not...
Concrete CMS: Stored XSS in Name field in User Groups/Group Details form
Intro "The Crayons of Madagascar" Type of issue: Core CMS issue Level of severity: Internal Attack Vector Concrete5 version: 8.2.0 RC2 rev. 32c9daf352645d4fafedb7b956e7f2de4e153ab3 Summary There is a Stored XSS vulnerability in the User Groups-Group Details Name field. This vulnerability might be used ...
Concrete CMS: Stored XSS in Private Messages 'Reply' allows to execute malicious JavaScript against any user while replying to the message which contains payload
Intro "Back to the Crayons" Type of issue: Core CMS issue Level of severity: External Attack Vector Concrete5 version: 8.2.0 RC2 rev. 32c9daf352645d4fafedb7b956e7f2de4e153ab3 July 8th Summary There is a Stored XSS vulnerability in the Private Messages 'Reply' feature, when the original message is quoted in...
My first working week with Opera Reborn
So, last Monday I changed my Chrome to the new Opera. It was an experiment to feel how it is “really” different from Chrome. I should mention two important things about my background before writing this post: 1. I was an Opera user from 2003 to 2010 and then moved to Chrome because of the many...
Opera browser - latest news - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Opera browser - latest news published at the 'play' market has multiple vulnerabilities...
Opera Max - Data manager - BSD license, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Opera Max - Data manager published at the 'play' market has multiple vulnerabilities...
Oracle Hospitality OPERA 5 Property Services Remote Vulnerability (CNVD-2017-08077)
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resource cost management, tracking and management of services throughout a customer's journey to improve customer...
Oracle Hospitality OPERA 5 Property Services Remote Vulnerability (CNVD-2017-08076)
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resource cost management, tracking and management of services throughout a customer's journey to improve customer...
Opera Web Browser Address Bar Spoofing Vulnerability
Opera Mini and Opera Stable are both web browsers developed by the Norwegian company Opera Software. An address bar spoofing vulnerability exists in Opera Mini version 13 and Opera Stable version 36. A remote attacker can exploit this vulnerability to spoof the displayed URL with a specially...
CVE-2017-3574
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: OPERA License code configuration. Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allow...