559 matches found
[SECURITY] Fedora 27 Update: php-phpmyadmin-motranslator-4.0-1.fc27
Translation API for PHP using Gettext MO files. Features: all strings are stored in memory for fast lookup; fast loading of MO files; low-level API for reading MO files; emulation of Gettext API; no use of eval for plural equation. Limitations: not suitable for huge MO files which you don't want to stor...
Audio Cutter Software - Code Injection Vulnerability
Exploit for windows platform in category dos / poc Technical Details: ================= Vulnerability Title: Audio Cutter Software - Code Injection Vulnerability Tool Name: Weeny Audio Cutter Software v1.5 Critical Level: High Author: Ajay Gowtham aka AJOXR Blackhat forums Type: Software Security...
OpenText Document Sciences xPression 4.5SP1 Patch 13 Cross Site Scripting
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - Cross-Site Scripting Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14755 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression...
TYPO3 Formhandler 2.4.0 Cross Site Scripting
Advisory: Cross-Site Scripting in TYPO3 Formhandler Extension RedTeam Pentesting discovered a cross-site scripting vulnerability (XSS) in the TYPO3 extension Formhandler. Details ======= Product: TYPO3 Formhandler Affected Versions: 2.4.0 and probably earlier Fixed Versions: none, project no longer...
Grab: [parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
Summary: DOM Based XSS or as it is called in some texts, “type-0 XSS” is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner...
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to...
Cross site scripting
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS...
Newsletter by Supsystic - Authenticated Stored XSS & CSRF
Despite what the original advisory states, the affected POST parameter is "label". The CSRF issue was fixed in version 1.1.8, however, the Plugin still did not validate or output encode the "label" parameter...
Mail.ru: Reflected XSS on frag.mail.ru
Domain, site, application The "frag.mail.ru" is affected by a reflected XSS vulnerability on the "/user/register/" handler. Testing environment The exploitation of the issue has been tested on the latest version at the time of writing of Firefox: 52.0.1 both 32 and 64 bit on Sierra and Windows 7...
WordPress Magic Fields 1 1.7.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Cross-Site Scripting in Magic Fields 1 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016...
WordPress Magic Fields 1 1.7.1 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting in Magic Fields 1 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016 ----------------------------------------------------------------------...
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities...
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability...
Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Session Fixation, No...
WordPress Google Maps 6.3.14 Cross Site Request Forgery
------------------------------------------------------------------------ Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF ------------------------------------------------------------------------ Sipke Mellema, July 2016...
Limny 2.2 Expression Language Injection
======================================================================== | Title : limny 2.2 Expression language injection vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : 2.2 | Vendor : http://www.limny.org/ | Dork : n/a...
GoDaddy Patches Blind XSS Vulnerability
Domain registrar GoDaddy fixed a vulnerability affecting systems used by its customer support agents that could have been abused to take over, modify or delete accounts. Researcher Matthew Bryant said that a riff on a cross-site scripting attack called a blind XSS was to blame. A GoDaddy customer...
WordPress SiteMile Project 2.0.9.5 Theme - Multiple Vulnerabilities
Exploit for php platform in category web applications Wordpress ProjectTheme Multiple Vulnerabilities - - ------------------------------------------------------------ Affected Version ================ Project Theme: 2.0.9.5 Problem Overview ================ Technical Risk: high Likelihood of...
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === LSE Leading Security Experts GmbH - Security Advisory 2016-01-01 === Wordpress ProjectTheme Multiple Vulnerabilities - -...
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === LSE Leading Security Experts GmbH - Security Advisory 2016-01-01 === Wordpress ProjectTheme Multiple Vulnerabilities - - ------------------------------------------------------------ Affected Version ================ Project Theme: 2.0.9.5 Proble...