Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting
===== Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ============== Persisted Cross-Site Scripting XSS in Confluence Jira Software ---------------------------------------------------------------- Authors: - Jodson Santos - [email protected] Tempest Security Intelligence -...
Persistent Cross-site Scripting (XSS)
Products.PortalTransforms is vulnerable to a persistent cross-site scripting (XSS) attack. It allows an attacker to use markup that bypasses Plone's safehtml filter to insert and save arbitrary HTML with malicious content...
Docebo LMS v6.9 - (Clone Links) Persistent Vulnerability
Document Title: =============== Docebo LMS v6.9 - Clone Links Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1878 Release Date: ============= 2016-12-19 Vulnerability Laboratory ID VL-ID: ==================================== 187...
CVE-2016-3173
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application. Using script code at the file name leads t...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346...
Incorrect persistent NameID generation
More info at https://simplesamlphp.org/security/201612-04...
CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
DEBIAN-CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
ALPINE-CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
Design/Logic Flaw
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
UBUNTU-CVE-2016-6622
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...
Starbucks: Persistent XSS in www.starbucks.com
There is a persistent XSS in https://www.starbucks.com/coffee/espresso/latte-macchiato It is caused by loading scripts from: //starbucksmacchiato-prod.elasticbeanstalk.com/scripts/bn-v1.0.0-Release-min.js Note that starbucksmacchiato-prod.elasticbeanstalk.com is not registered on elastic beanstal...
New Large-Scale DDoS Attacks Follow Schedule
A powerful new botnet is being blamed for massive and sustained DDoS attacks that security researchers at CloudFlare compare to Mirai when it comes to intensity and scope. The attacks began Nov. 23 and ran for eight hours daily, similar to an average workday. The consistent attacks occurred for...
U.S. Dept Of Defense: XSS vulnerability on an Army website
A U.S. Army website was vulnerable to a cross-site scripting attack which may be used to trick a web user into executing a malicious script, potentially revealing a user's browser cookies or modifying web content. spam404 was able to demonstrate this vulnerability by crafting a specially formatted...
Tenda / D-Link / TP-Link DHCP Cross Site Scripting
Document Title: =============== Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1990 Release Date: ============= 2016-11-28 Vulnerability Laboratory ID VL-ID: ====================================...
Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability
Document Title: =============== Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1990 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20372...
Burden TMA v2.1.1 - (Task) Persistent Web Vulnerability
Document Title: =============== Burden TMA v2.1.1 - Task Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1998 Release Date: ============= 2016-11-26 Vulnerability Laboratory ID VL-ID: ==================================== 199...