
7657 matches found

Vulnerability Lab
added 2017/03/28 12:0 a.m., 33 views

Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability

Document Title: =============== Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2046 Release Date: ============= 2017-03-28 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.4
Exploits: 0

seebug.org
added 2017/03/27 12:0 a.m., 113 views

OnePlus 3/3T open up an ADB session without authorization (CVE-2017-5622)

Last month we published CVE-2017-5626 patched in OxygenOS 4.0.2, a vulnerability which allowed attackers to effectively unlock a OnePlus 3/3T device without a factory reset. Combining this with our also discovered CVE-2017-5624 patched in OxygenOS 4.0.3 enabled a powerful attack against locked...

CVSS 10, AI score 8.8, EPSS 0.0282
Exploits: 7

Citrix
added 2017/03/22 12:0 a.m., 8 views

Create non-persistent vm on XenServer

You can create a non-persistent XenServer VM by setting the VDI param to on-boot=reset VM will reset to original state after each reboot...

AI score 7
Exploits: 0

The Hacker News
added 2017/03/21 9:14 p.m., 45 views

Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!

A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer. Dubbed DoubleAgent, the new injecting code technique works on all versions of Microsoft Windows operating...

CVSS 7.2, AI score 6.7, EPSS 0.00935
Exploits: 0

Vulnerability Lab
added 2017/03/20 12:0 a.m., 33 views

Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability

Document Title: =============== Zenario v7.6 - Delete Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2042 Release Date: ============= 2017-03-20 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.4
Exploits: 0

Vulnerability Lab
added 2017/03/20 12:0 a.m., 45 views

Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability

Document Title: =============== Zenario v7.6 - Delete Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2042 Release Date: ============= 2017-03-20 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.1
Exploits: 0

Vulnerability Lab
added 2017/03/16 12:0 a.m., 40 views

Zenario v7.6 - Persistent Cross Site Scripting Vulnerability

Document Title: =============== Zenario v7.6 - Persistent Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2044 https://github.com/TribalSystems/Zenario/commit/cd60f1c8a179ebb779fe0acc051b93f477129b1a Release Date:...

AI score 7.1
Exploits: 0

NVD
added 2017/03/12 5:59 a.m., 27 views

CVE-2017-5624

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

CVSS 10, AI score 9.5, EPSS 0.02673
Exploits: 3, References: 1

Prion
added 2017/03/12 5:59 a.m., 34 views

Privilege escalation

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

CVSS 10, AI score 9.4, EPSS 0.02673
Exploits: 3, References: 1, Affected Software: 1

Exploit DB
added 2017/03/10 12:0 a.m., 46 views

FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery

!-- + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ============== solarwinds.com www.serv-u.com Product: ==================== FTP Voyager...

AI score 7.4
Exploits: 0

Packet Storm
added 2017/03/07 12:0 a.m., 98 views

Laravel 5.4 Cross Site Scripting

Exploit Title: Laravel non-presistent XSS in validation of arrays Date: 06/03/2017 Exploit Author: MaHDyfo mahdyfofthe at signgmail.com Vendor Homepage: laravel.com Version: 5.4 In Laravel validation rules, assume that you set a rule to get an array input. $this-validate$request, 'lessons' =...

AI score 0.1
Exploits: 0

Packet Storm
added 2017/03/03 12:0 a.m., 45 views

WordPress NewStatPress 1.2.4 Cross Site Scripting

------------------------------------------------------------------------ Persistent Cross-Site Scripting in the WordPress NewStatPress plugin ------------------------------------------------------------------------ Han Sahin, July 2016...

Exploits: 0

NVD
added 2017/03/02 10:59 p.m., 15 views

CVE-2017-6103

Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1...

CVSS 6.1, AI score 6, EPSS 0.0091
Exploits: 0, References: 2

NVD
added 2017/03/02 10:59 p.m., 9 views

CVE-2017-6102

Persistent XSS in wordpress plugin rockhoist-badges v1.2.2...

CVSS 6.1, AI score 6, EPSS 0.01353
Exploits: 1, References: 3

CVE
added 2017/03/02 10:0 p.m., 49 views

CVE-2017-6103

CVE-2017-6103 affects the WordPress AnyVar plugin (v0.1.1). Connected sources describe a stored/persistent XSS vulnerability in AnyVar that can lead to execution of arbitrary script in a user’s browser and, per CNVD, potentially access cookie-based credentials. Exploitation details are not provid...

CVSS 6.1, AI score 5.9, EPSS 0.0091
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/03/02 10:0 p.m., 17 views

CVE-2017-6103

Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1...

AI score 6, EPSS 0.0091
Exploits: 0, References: 2

CVE
added 2017/03/02 10:0 p.m., 42 views

CVE-2017-6102

CVE-2017-6102 affects the WordPress plugin rockhoist-badges v1.2.2, with a persistent (stored) XSS flaw caused by insufficient input validation. Several connected sources describe this as an authenticated stored XSS vulnerability that could allow an attacker to execute scripts in a victim’s brows...

CVSS 6.1, AI score 5.9, EPSS 0.01353
Exploits: 1, References: 3, Affected Software: 1

CNVD
added 2017/03/02 12:0 a.m., 2 views

Air Transfer Cross-Site Scripting Vulnerability

Air Transfer Pro is an application for transferring files from your computer to your cell phone over a wireless network. Air Transfer suffers from a cross-site scripting vulnerability that allows remote attackers to exploit exploits to inject script code into client application requests with...

AI score 6.4
Exploits: 0, References: 1

Patchstack
added 2017/03/01 12:0 a.m., 8 views

WordPress Plugin NewStatPress 1.2.4 - Persistent Cross-Site Scripting (XSS) vulnerability

WordPress Plugin NewStatPress 1.2.4 has a persistent Cross-Site Scripting XSS vulnerability discovered on Summer Of Pwnage event Solution Update plugin to the latest version at least 1.2.5...

AI score 2.3
Exploits: 0, References: 2, Affected Software: 1

OpenVAS
added 2017/02/22 12:0 a.m., 18 views

Palo Alto PAN-OS Cross-Site Scripting in the Management Web Interface

A persistent cross-site scripting XSS vulnerability exists in the management web interface. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

CVSS 5.4, AI score 5.1, EPSS 0.00836
Exploits: 0, References: 1