178 matches found
JQuery < 1.9.0 XSS
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is prior to 1.9.0. It is, therefore, affected by a cross-site scripting vulnerability. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(135011); script_version("1.3...
Nextcloud: XSS in PDF Viewer
An outdated version of PDF.js in use allows for the CVE-2018-5158 vulnerability. When the payload PDF is shown in the supplied PDF viewer, it can execute arbitrary JavaScript. I have tested the payload PDF, and it is working in Safari 13.0.5 (the latest version) and Firefox 74.0 (the latest...
OMRON CX-Supervisor Vulnerable Third-Party Component Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Teamviewer tha...
WordPress facebook-for-woocommerce plugin cross-site request forgery vulnerability (CNVD-2019-30104)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. facebook-for-woocommerce is a plug-in that enables marketing through Facebook. A cross-site request forgery vulnerability exis...
cPanel cross-site scripting vulnerability (CNVD-2019-28987)
cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the listftpstable API in versions prior to cPanel 60.0.25. The vulnerabili...
Mozilla Thunderbird < 60.7.2
The version of Thunderbird installed on the remote Windows host is prior to 60.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-20 advisory. - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can...
Design/Logic Flaw
A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit...
Discourse 'CVE-2019-5418' LFI Vulnerability - Active Check
Discourse is prone to an LFI (Local File Inclusion) vulnerability if the hosting system is running an outdated version of Ruby on Rails. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
Ruby on Rails 'CVE-2019-5418' LFI (Local File Inclusion) Vulnerability
The web application on the remote host is prone to an LFI (Local File Inclusion) vulnerability if the hosting system is running an outdated version of Ruby on Rails. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by...
Apache Tomcat 7.0.0 < 7.0.70
The version of Tomcat installed on the remote host is prior to 7.0.70. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.70_security-7 advisory. - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70...
WakaTime: Using an outdated version of OpenSSH on db01.wakatime.com
Hi team, once again. Hope you are better. I have found that db01.wakatime.com is using an outdated OpenSSH version, leading to multiple vulnerabilities. How I found it: I scanned the domain with nmap and it gave me an open port 222, and when I connected to it with ncat it got connected and showed the...
Nextcloud: xss on demo.nextcloud.com due to outdated version
Hello. I found the possibility of introducing "html-tag" and of xss attack in the form of adding comments. Details video. Payload: Browser: Firefox 49.0 OS: Ubuntu 16.04...
IRCCloud: Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE
Summary ======== During my reconnaissance for your bug bounty program, I discovered an instance of nginx version 1.4.6 running at the IP address https://54.153.101.52. To locate it, I searched for IRCCloud-related certificates and found the self-signed certificate for this server...
Drupal 7.x < 7.38 Multiple Vulnerabilities
Drupal 6.x < 6.35 / 7.x < 7.35 Multiple Vulnerabilities
Drupal 7.x < 7.39 Multiple Vulnerabilities
Drupal 6.x < 6.37 Multiple Vulnerabilities
Flash Player < 20.0.0.306 Multiple Vulnerabilities (APSB16-04)
Fedora 22 : php-udan11-sql-parser-3.0.4-1.fc22 / phpMyAdmin-4.5.1-1.fc22 (2015-17908c56c1)
phpMyAdmin 4.5.1.0 (2015-10-23) =============================== - Invalid argument supplied for foreach() - array_key_exists() expects parameter 2 to be array - Notice Undefined index: drop_database - Server variable edition in ANSI_QUOTES sql_mode: losing current value - Propose table structure broken -...
Adobe Reader < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)
The version of Adobe Reader installed on the remote host is a version prior to 10.1.14 / 11.0.11. It is, therefore, affected by the following vulnerabilities: - A buffer overflow condition exists in CoolType.dll due to improper validation of user-supplied input. A remote attacker can exploit thi...