HackerOne: HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms

Summary: I noticed that HackerOne career pages loads it's application forms from Greenhouse.io via an iframe. The ghjid parameter value is taken into the iframe element for the token parameter in the iframe URL boards.greenhouse.io. Any html characters are escaped in order to avoid XSS and possib...

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

CVE-2017-17059

XSS exists in the amtyThumb amty-thumb-recent-post aka amtyThumb posts or wp-thumb-post plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php...

CVE-2017-16562

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the upautolog parameter in the QUERYSTRING to the default URI...

CVE-2017-16562

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the upautolog parameter in the QUERYSTRING to the default URI...

WordPress UserPro Plugin Authentication Bypass Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.UserPro plugin for WordPress is a plugin for creating social platform sites using WordPress. The plugin has...

Avito: CSS injection in avito.ru via IE11

Hi Team Security @avito I discovered CSS Injection on avito.ru in form search via IE11 Description CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to...

Zendesk: Secret API Key Leakage via Query String

See title...

ljharb's qs module input validation vulnerability

A web framework is a framework used to support the development of dynamic websites, web applications, and web services. qs module is a string query parsing module used by developers when building web frameworks. A denial of service vulnerability exists in ljharb's qs module. An attacker could...

nodejs-qs: Prototype override protection bypass

It was found that ljharb's qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object's prototype properties such as toString or hasOwnProperty, resulting in a denial of service when the overwritten function...

MODX Revolution Cross-Site Scripting Vulnerability

MODX Revolution is a collection of easy-to-use content management systems CMS and application frameworks. A cross-site scripting vulnerability exists in login-fsp.html in MODX Revolution, which can be exploited by remote attackers to inject arbitrary web script or HTML via QUERYSTRING...

CVE-2017-12865

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted response query string passed to the "name" variable...

IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.13 / 9.0 < 9.0.0.5 Information Disclosure (PI82630)

The version of IBM WebSphere Application Server running on the remote host is 7.0 prior to 7.0.0.45, 8.0 prior to 8.0.0.14, 8.5 prior to 8.5.5.13, or 9.0 prior to 9.0.0.5. It is, therefore, affected by an unspecified information disclosure flaw due to sensitive information being cached insecurely...

Cross-site Scripting (XSS)

Magmi is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the profile parameter of web/magmi.php or through querystring to web/magmiimportrun.php...

CVE-2017-11677

Cross-site scripting XSS vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...

REDCap Cross-Site Scripting Vulnerability

REDCap is a free, secure, web-based application. It is designed to support data mining research. A cross-site scripting vulnerability exists in versions of REDCap prior to 7.5.1. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML with the help of a query strin...

Spoofing

REDCap before 7.5.1 has XSS via the query string...

CVE-2017-10962

REDCap before 7.5.1 has XSS via the query string...