7660 matches found
CVE-2017-15304
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...
CVE-2017-15304
CVE-2017-15304 affects Airtame HDMI dongle Web Panel. The /bin/login.php vulnerability in firmware before 3.0 lets an attacker set a session id via a Cookie: PHPSESSID header, enabling persistent admin access even after a password change. Impact: unauthorized admin session persistence. Affected: ...
CVE-2017-10612
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...
Cross site scripting
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...
CVE-2017-10612 Junos Space: Persistent Cross site scripting in Junos Space
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...
Cross site scripting
A persistent stored XSS vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admindevice/index.php...
Qards - Stored Cross-Site Scripting (XSS)
Google Dork: inurl:"plugins/qards" Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way. The vulnerable script...
CVE-2017-15188
EyesOfNetwork (EON) web interface (eonweb) 5.1-0 has a stored XSS vulnerability exploitable via the hosts array parameter in module/admin_device/index.php. Reported as CVE-2017-15188, the issue permits remote authenticated administrators to inject arbitrary script/HTML. Multiple connected sources...
Warning: Millions Of P0rnHub Users Hit With Malvertising Attack
Researchers from cybersecurity firm Proofpoint have recently discovered a large-scale malvertising campaign that exposed millions of Internet users in the United States, Canada, the UK, and Australia to malware infections. Active for more than a year and still ongoing, the malware campaign is bei...
CVE-2017-9537
SolarWinds Network Performance Monitor 12.0.15300.90 is affected by CVE-2017-9537 (and related records) due to a persistent XSS in the Add Node function. An attacker can inject arbitrary JavaScript into multiple vulnerable parameters (e.g., City, Comments, Department) during node-adding workflows...
SolarWinds Network Performance Monitor 12.0.15300.90 Cross Site Scripting
------------------------------------------------------------- Vulnerability type: Persistent Cross-Site Scripting ------------------------------------------------------------- Credit: Andy Tan CVE ID: CVE-2017-9537 ----------------------------------------------- Product: SolarWinds Network...
Google Kubernetes Information Disclosure Vulnerability
Google Kubernetes is an open source Docker container cluster management system from Google, Inc. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability exists in Google Kubernetes, which...
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
Default credentials
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
CVE-2017-1002100
CVE-2017-1002100 concerns default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider (versions 1.6.0–1.6.5). The issue is that PVs are configured with the container access mode, exposing a URI on the public internet without requiring authentication. Acc...
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
CVE-2017-1002100
Default access permissions for Persistent Volumes PVs created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...
Description of the security update for Skype for Business 2016: September 12, 2017
Description of the security update for Skype for Business 2016: September 12, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...