7660 matches found
XSS in User Macros Description Field
We received external report about XSS in User Macros Field: quote The description field in User Macros is vulnerable to persistent XSS. The XSS will be executed when the user chooses the macro from the macro selector. quote Steps to reproduce: 1 Go to http://localhost:8090/admin/usermacros.action...
Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan
Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...
2.x - Increasing the User Layer size for a Persistent Desktop
C drive of a 2.x desktop is running low on space...
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh...
Piwigo User Tag 0.9.0 Cross Site Scripting
Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shai...
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...
CVE-2017-12572
Persistent Cross Site Scripting XSS exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104...
Cross site scripting
Persistent Cross Site Scripting XSS exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104...
CVE-2017-12572
CVE-2017-12572 affects Splunk Enterprise (versions <6.5.2 for 6.5.x, <6.4.6 for 6.4.x, <6.3.9 for 6.3.x) and Splunk Light (
Cross site scripting
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...
CVE-2017-11320
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...
CVE-2017-11320
The CVE-2017-11320 entry concerns Technicolor TC7337 routers (firmware 08.89.17.20.00) with a persistent XSS vulnerability in the SSID handling. The XSS can be triggered by the SSID of nearby devices and is described as enabling DNS poisoning and credentials theft from the router. Publicly docume...
Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting
// Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not requires quotes , and passing the URL with ony '//' // out, grab yours ! +--- it will cause the browser to...
Technicolor TC7337 - SSID Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications // Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not requires quotes , and passing the URL with ony '//' //...
Unikrn: Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.
Description Hi. Today i looked to some outscope subdomains .pinion.gg for recon purposes. I discovered an interesting file on http://templ4d2.pinion.gg/motd2.manifest with next content: CACHE MANIFEST 2014-07-07 CACHE: http://bin.pinion.gg/bin/companions.min.js...
App Layering: Recipe for QuickBooks
QuickBooks is an application that licenses and registers to the volume serial number of the local hard disk. When the license is created an encrypted file is stored that can only be unencrypted if the volume serial number matches the system it was installed on. When Unidesk creates a new desktop,...
Attack Uses Docker Containers To Hide, Persist and Plant Malware
LAS VEGAS—A novel attack vector allows for adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce,...
Cross site scripting
Multiple Persistent cross-site scripting XSS vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog...
CVE-2017-11687
Summary: CVE-2017-11687 concerns Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5). The cited sources describe a persistent cross-site scripting (XSS) vulnerability in the Event Log Parser and the Display function, allowing remote attackers to inject arbitrary web script or HTML via s...