Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability
Document Title: Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2046 | Release Date: 2017-03-28 | Vulnerability Laboratory ID (VL-ID): ...
OnePlus 3/3T open up an ADB session without authorization (CVE-2017-5622)
Last month we published CVE-2017-5626 patched in OxygenOS 4.0.2, a vulnerability which allowed attackers to effectively unlock a OnePlus 3/3T device without a factory reset. Combining this with our also discovered CVE-2017-5624 patched in OxygenOS 4.0.3 enabled a powerful attack against locked...
Create non-persistent vm on XenServer
You can create a non-persistent XenServer VM by setting the VDI param to on-boot=reset. The VM will reset to its original state after each reboot...
Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!
A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer. Dubbed DoubleAgent, the new code injection technique works on all versions of Microsoft Windows operating...
Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability
Document Title: Zenario v7.6 - Delete Persistent Cross Site Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2042 | Release Date: 2017-03-20 | Vulnerability Laboratory ID (VL-ID): ...
Zenario v7.6 - Persistent Cross Site Scripting Vulnerability
Document Title: Zenario v7.6 - Persistent Cross Site Scripting Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2044 https://github.com/TribalSystems/Zenario/commit/cd60f1c8a179ebb779fe0acc051b93f477129b1a | Release Date:...
CVE-2017-5624
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
Privilege escalation
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
Credits: John Page AKA hyp3rlinx | Website: hyp3rlinx.altervista.org | Source: http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt | ISR: ApparitionSec | Vendor: solarwinds.com, www.serv-u.com | Product: FTP Voyager...
Laravel 5.4 Cross Site Scripting
Exploit Title: Laravel non-persistent XSS in validation of arrays | Date: 06/03/2017 | Exploit Author: MaHDyfo mahdyfofthe at signgmail.com | Vendor Homepage: laravel.com | Version: 5.4 | In Laravel validation rules, assume that you set a rule to get an array input. $this->validate($request, 'lessons' =...
WordPress NewStatPress 1.2.4 Cross Site Scripting
Persistent Cross-Site Scripting in the WordPress NewStatPress plugin | Han Sahin, July 2016...
CVE-2017-6103
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1...
CVE-2017-6102
Persistent XSS in wordpress plugin rockhoist-badges v1.2.2...
CVE-2017-6103
CVE-2017-6103 affects the WordPress AnyVar plugin (v0.1.1). Connected sources describe a stored/persistent XSS vulnerability in AnyVar that can lead to execution of arbitrary script in a user’s browser and, per CNVD, potentially access cookie-based credentials. Exploitation details are not provid...
CVE-2017-6102
CVE-2017-6102 affects the WordPress plugin rockhoist-badges v1.2.2, with a persistent (stored) XSS flaw caused by insufficient input validation. Several connected sources describe this as an authenticated stored XSS vulnerability that could allow an attacker to execute scripts in a victim’s brows...
Air Transfer Cross-Site Scripting Vulnerability
Air Transfer Pro is an application for transferring files from your computer to your cell phone over a wireless network. Air Transfer suffers from a cross-site scripting vulnerability that allows remote attackers to inject script code into client application requests with...
WordPress Plugin NewStatPress 1.2.4 - Persistent Cross-Site Scripting (XSS) vulnerability
WordPress Plugin NewStatPress 1.2.4 has a persistent Cross-Site Scripting (XSS) vulnerability discovered at the Summer Of Pwnage event. Solution: update the plugin to the latest version (at least 1.2.5)...
Palo Alto PAN-OS Cross-Site Scripting in the Management Web Interface
A persistent cross-site scripting (XSS) vulnerability exists in the management web interface. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...