
7660 matches found

Atlassian
added 2017/08/17 6:8 a.m. | 45 views

XSS in User Macros Description Field

We received an external report about XSS in User Macros Field: "The description field in User Macros is vulnerable to persistent XSS. The XSS will be executed when the user chooses the macro from the macro selector." Steps to reproduce: 1. Go to http://localhost:8090/admin/usermacros.action...

4.8 CVSS | 0.7 AI score | 0.00612 EPSS
Exploits: 0 | Affected Software: 1
ThreatPost
added 2017/08/15 10:36 a.m. | 13 views

Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan

Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...

0.1 AI score
Exploits: 0 | References: 3
Citrix
added 2017/08/15 12:0 a.m. | 6 views

2.x - Increasing the User Layer size for a Persistent Desktop

C drive of a 2.x desktop is running low on space...

7.1 AI score
Exploits: 0
exploitpack
added 2017/08/10 12:0 a.m. | 11 views

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh...

6.7 AI score
Exploits: 0
Packet Storm
added 2017/08/10 12:0 a.m. | 21 views

Piwigo User Tag 0.9.0 Cross Site Scripting

Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

7.4 AI score
Exploits: 0
0day.today
added 2017/08/10 12:0 a.m. | 25 views

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shai...

7.1 AI score
Exploits: 0
Exploit DB
added 2017/08/10 12:0 a.m. | 39 views

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting

Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

7.4 AI score
Exploits: 0
OSV
added 2017/08/05 9:29 p.m. | 3 views

CVE-2017-12572

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104...

4.8 CVSS | 5.8 AI score | 0.00503 EPSS
Exploits: 0 | References: 1
Prion
added 2017/08/05 9:29 p.m. | 21 views

Cross site scripting

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104...

3.5 CVSS | 4.9 AI score | 0.00503 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2017/08/05 9:0 p.m. | 59 views

CVE-2017-12572

CVE-2017-12572 affects Splunk Enterprise (versions <6.5.2 for 6.5.x, <6.4.6 for 6.4.x, <6.3.9 for 6.3.x) and Splunk Light (

4.8 CVSS | 4.9 AI score | 0.00503 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2017/08/03 8:29 a.m. | 12 views

Cross site scripting

Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...

4.3 CVSS | 6.1 AI score | 0.01815 EPSS
Exploits: 3 | References: 2 | Affected Software: 1
OSV
added 2017/08/03 8:29 a.m. | 5 views

CVE-2017-11320

Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...

6.1 CVSS | 5.8 AI score | 0.01815 EPSS
Exploits: 3 | References: 2
CVE
added 2017/08/03 8:0 a.m. | 52 views

CVE-2017-11320

The CVE-2017-11320 entry concerns Technicolor TC7337 routers (firmware 08.89.17.20.00) with a persistent XSS vulnerability in the SSID handling. The XSS can be triggered by the SSID of nearby devices and is described as enabling DNS poisoning and credentials theft from the router. Publicly docume...

6.1 CVSS | 6 AI score | 0.01815 EPSS
Exploits: 3 | References: 2 | Affected Software: 1
Exploit DB
added 2017/08/03 12:0 a.m. | 94 views

Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting

// Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not requires quotes , and passing the URL with ony '//' // out, grab yours ! +--- it will cause the browser to...

7.4 AI score
Exploits: 0
0day.today
added 2017/08/02 12:0 a.m. | 68 views

Technicolor TC7337 - SSID Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications // Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not requires quotes , and passing the URL with ony '//' //...

4.3 CVSS | 6.5 AI score | 0.01815 EPSS
Exploits: 3
Hacker One
added 2017/07/28 1:50 p.m. | 20 views

Unikrn: Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.

Description Hi. Today I looked to some outscope subdomains .pinion.gg for recon purposes. I discovered an interesting file on http://templ4d2.pinion.gg/motd2.manifest with next content: CACHE MANIFEST 2014-07-07 CACHE: http://bin.pinion.gg/bin/companions.min.js...

0.3 AI score
Exploits: 0
Citrix
added 2017/07/28 12:0 a.m. | 8 views

App Layering: Recipe for QuickBooks

QuickBooks is an application that licenses and registers to the volume serial number of the local hard disk. When the license is created an encrypted file is stored that can only be unencrypted if the volume serial number matches the system it was installed on. When Unidesk creates a new desktop,...

6.6 AI score
Exploits: 0
ThreatPost
added 2017/07/27 7:30 p.m. | 15 views

Attack Uses Docker Containers To Hide, Persist and Plant Malware

LAS VEGAS—A novel attack vector allows for adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce,...

1.3 AI score
Exploits: 0 | References: 1
Prion
added 2017/07/27 6:29 a.m. | 13 views

Cross site scripting

Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog...

4.3 CVSS | 6 AI score | 0.01265 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2017/07/27 6:0 a.m. | 44 views

CVE-2017-11687

Summary: CVE-2017-11687 concerns Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5). The cited sources describe a persistent cross-site scripting (XSS) vulnerability in the Event Log Parser and the Display function, allowing remote attackers to inject arbitrary web script or HTML via s...

6.1 CVSS | 6 AI score | 0.01265 EPSS
Exploits: 1 | References: 1 | Affected Software: 1