Cross-Site Scripting in the Management Web Interface
A persistent cross-site scripting (XSS) vulnerability exists in the management web interface (ref PAN-66838 / CVE-2017-5584). PAN-OS contains a post-authentication vulnerability that may allow for a persistent cross-site scripting (XSS) attack of the management web interface. Successful exploitation of...
Telekom Cloud SSO Cross Site Scripting
Document Title: =============== Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2021 Incident ID: 20161205FKr02 Vulnerability Magazine:...
Elefant CMS 1.3.12-RC Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Elefant CMS 1.3.12-RC Fixed in: 1.3.13 Fixed Version https://github.com/jbroadway/elefant/releases/tag/ Link: elefant1313rc Vendor Website: https://www.elefantcms.com/ Vulnerability XSS Type: Remote Yes Exploitable:...
WordPress Easy Table 1.6 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2017-001 - Original release date: Feb 07, 2017 - Last revised: Feb 12, 2017 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score...
Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities
Document Title: =============== Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2021 Incident ID: 20161205FKr02 Vulnerability Magazine:...
WordPress XO Security plugin <=1.5.2 - Persistent Cross-Site Scripting (XSS) vulnerability
WordPress XO Security plugin Persistent Cross-Site Scripting (XSS) vulnerability was found in 1.5.2 version. The password is not sanitized in the failedlogin function. Solution: Update the plugin...
MGASA-2017-0042 Updated openssl packages fix security vulnerability
There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation (CVE-2016-7055). If an...
Updated openssl packages fix security vulnerability
There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation (CVE-2016-7055). If an...
Brave Software: Brave payments remembers history even after clearing all browser data.
NOTE! Thanks for submitting a report! Please fill all sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty. Summary: As a user you expect the browser to not persist data after clearing browser data...
Bitrix Site Manager Cross Site Scripting
Hello list! There is Cross-Site Scripting vulnerability in Bitrix Site Manager. ------------------------- Affected products: ------------------------- Vulnerable was the last version of Bitrix Site Manager at 12.06.2015, when I found this vulnerability on web site of Russian terrorists. At that...
Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation Vulnerabilities
Revive Adserver versions 4.0.0 and below suffer from cross site scripting, session fixation, and deserialization of untrusted data vulnerabilities. Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation Applications affected: Revive Adserver Versions affected: = 4.0.1 Website:...
How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature
Recently Apple released a new Feature for iPhone and iPad users, but it was so buggy that the company had no option other than rolling back the feature completely. In November, Apple introduced a new App Store feature, dubbed "Notify" button — a bright orange button that users can click if they...
Persistent Cross-site Scripting (XSS)
ghost is vulnerable to persistent cross-site scripting (XSS). This is because it fails to sanitize user data, thus making it possible for an attacker to supply crafted input in order to harm third party users...
Harvest: Persistent XSS on ForecastApp
When adding a new Person, by inserting this in First or Last Name, I've got a persistent XSS: The key for this is that the person with the XSS string must appear in one or more dropdown menus. In other words, the Person must be available to be assigned to at least one project. I can also trigger...
Ghost Blog 0.11.3 Cross Site Scripting Vulnerability
Tempest Security Intelligence Advisory ADV-9/2017 - Ghost Blog version 0.11.3 suffers from a persistent cross site scripting vulnerability. Persistent Cross-Site Scripting XSS in Ghost ------------------------------------------------------- Author: - Patrick Costa Tempest Security Intelligence -...
Cisco Webex Meeting - Open Redirect Web Vulnerability
Document Title: =============== Cisco Webex Meeting - Open Redirect Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1950 PSIRT ID: 1079904098 Bulletin:...
Courier Management System - SQL Injection
Courier Management System - SQL Injection Title : Courier Management System - Sql Injection and non-persistent XSS login portal Date: 17 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: http://couriermanageme.sourceforge.net/ Version: not supplied...
Apple iOS (Notify iTunes) - Bypass & Persistent Vulnerability
Document Title: =============== Apple iOS Notify iTunes - Bypass & Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2024 Followup ID: 654962036 Vulnerability Magazine:...
Apple iTunes Notify Script Insertion
Document Title: =============== Apple iTunes Notify - Bypass & Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2024 Followup ID: 654962036 Vulnerability Magazine:...
Business Networking Script 8.11 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title : ----------- : Business Networking Script v8.11- SQLi & Persistent Cross Site Scripting Author : ----------------- : Ahmet Gurel Google Dork : --------- : - Date : -------------------- : 16/01/2017 Type : -------------------- :...