79 matches found
Design/Logic Flaw
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...
CVE-2018-13002
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...
CVE-2018-13002
The CVE-2018-13002 entry concerns Weblication CMS Core & Grid v12.6.24. A cross-site scripting (XSS) flaw exists in the wFilemanager.php and index.php files within the /grid5/scripts/ module. The vulnerability targets the Project Title field in the Inhaltsprojekte listing, allowing remote attacke...
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
Document Title: SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1725; Release Date: 2018-01-06; Vulnerability Laboratory ID VL-ID:...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
Attack Uses Docker Containers To Hide, Persist and Plant Malware
LAS VEGAS—A novel attack vector allows for adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce,...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346...
ntp: slow memory leak in CRYPTO_ASSOC
A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory...
Getdpd BB #3 - Persistent Cross Site Scripting Vulnerability
Document Title: Getdpd BB 3 - Persistent Cross Site Scripting Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1567; ID: 14771; Release Date: 2016-02-03; Vulnerability Laboratory ID VL-ID:...
Cross-Site Scripting
Overview: Versions 1.6.2 and earlier of serve-index are affected by a cross-site scripting vulnerability. Because file and directory names are not escaped in the module's HTML output, a remote attacker that can influence file or directory names can launch a persistent cross-site scripting attack o...
PayPal Inc BB #42 - Persistent POST Inject Vulnerability
Document Title: PayPal Inc BB 42 - Persistent POST Inject Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=801; PayPal Security UID: kxy1ea5ech; Release Date: 2013-11-17; Vulnerability Laboratory ID VL-ID:...
Remote File Manager v1.2 iOS - Multiple Web Vulnerabilities
Document Title: Remote File Manager v1.2 iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=882; Release Date: 2013-02-23; Vulnerability Laboratory ID VL-ID:...
Micro CMS v1.0.1 - Persistent Cross Site Scripting Vulnerability
Document Title: Micro CMS v1.0.1 - Persistent Cross Site Scripting Vulnerability; Release Date: 2011-07-12; Vulnerability Laboratory ID VL-ID: 152; Product & Service Introduction: Parallels Plesk Panel...
Parallels Plesk v9.0.2b - Cross Site Scripting Vulnerability
Document Title: Parallels Plesk v9.0.2b - Cross Site Scripting Vulnerability; Release Date: 2011-06-12; Vulnerability Laboratory ID VL-ID: 153; Product & Service Introduction: Parallels Plesk Panel ist...
Project Forum 6.5.2.2978 Cross Site Request Forgery / Cross Site Scripting
Pinnacle ShowCenter 1.51 - Web Interface Skin Denial of Service
source: https://www.securityfocus.com/bid/11232/info The Pinnacle Systems ShowCenter web-based interface is reported prone to a remote denial of service vulnerability. The issue exists due to a lack of sanity checks performed on the Skin parameter of a ShowCenter script. It is reported that the...
Pinnacle ShowCenter 1.51 - Web Interface Skin Denial of Service
Pinnacle ShowCenter 1.51 - Web Interface Skin Denial of Service source: https://www.securityfocus.com/bid/11232/info The Pinnacle Systems ShowCenter web-based interface is reported prone to a remote denial of service vulnerability. The issue exists due to a lack of sanity checks performed on the...
OptiSoft Blubster 2.5 - Remote Denial of Service
OptiSoft Blubster 2.5 - Remote Denial of Service // source: https://www.securityfocus.com/bid/8482/info It has been reported that Blubster is prone to a remote denial of service vulnerability due to a port flooding attack on TCP port 701. The problem is reported to present itself when a remote...