KLA10914 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome prior to 54.0.2840.59. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof the user interface, inject code or possibly cause a denial of service. Below is a complete list of vulnerabilities: 1. Missed...
PHP FormMail Generator Security Bypass Vulnerability (CNVD-2016-12386)
PHP FormMail Generator is a suite of PHP applications for generating standard web forms for inclusion in PHP or WordPress websites. A security bypass vulnerability exists in PHP FormMail Generator. A remote attacker can exploit this vulnerability to inject PHP code or perform unauthorized...
CVE-2016-9751
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2016-6461
CVE-2016-6461 affects Cisco ASA: a vulnerability in the HTTP web-based management interface could allow an unauthenticated, remote attacker to inject arbitrary XML commands via improperly validated XML input. Affected release mentioned: 9.1(6.10). Recommended fixed releases (per sources): 100.11(...
Trend Micro Smart Protection Server Exec Remote Code Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' require 'base64' class MetasploitModule "Trend Micro Smart Protection Server Exec Remote Code Injection", 'Description' = %q This...
CVE-2016-9188
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the sadditionalhtmlhead, sadditionalhtmltopofbody, and sadditionalhtmlfooter parameters...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
PT-2016-15: Cross-Site Scripting in SAP NetWeaver
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in SAP NetWeaver. Reflected cross-site scripting in the "/com.sap.portal.design.datamigration.LogPortalComponen" component allows remote attackers to inject arbitrary HTML tags including JavaScript...
CVE-2016-7125
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection...
CVE-2016-5147
Removed by vendor...
CVE-2016-4848
Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Trend Micro Smart Protection Server Exec Remote Code Injection
This module exploits a vulnerability found in TrendMicro Smart Protection Server where untrusted inputs are fed to the ServWebExec system command, leading to command injection. Please note: authentication is required to exploit this vulnerability. This module requires Metasploit:...
CVE-2016-6634
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-4585
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari...
A vulnerability in the Internet Security antivirus software allows an attacker to inject arbitrary web script or HTML code.
The vulnerability in the Internet Security antivirus software exists because the software does not take measures to preserve the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web script or HTML code remotely...
CVE-2016-5733
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document...
Banshee 2.6.2 - .mp3 Crash (PoC)
Banshee 2.6.2 - .mp3 Crash PoC. Title: Banshee 2.6.2 Local Buffer Overflow Vulnerability. Credit: Ilca Lucian. CVE: Unknown for moment. Product: Play your music and videos. Keep up with your podcasts and Internet...
A vulnerability in the ColdFusion interpreter allows attackers to inject arbitrary web script or HTML code.
The vulnerability in the ColdFusion interpreter exists because the software does not take measures to preserve the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject any desired web script or HTML code remotely...