361 matches found
CVE-2018-5228
The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...
Cross site scripting
The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...
CVE-2018-5228
The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...
XSS through header injection in the /browse/~raw resource - CVE-2018-5228
The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...
XSS through header injection in the /browse/~raw resource - CVE-2018-5228
The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...
XSS through header injection in the /browse/~raw resource - CVE-2018-5228
The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...
CVE-2018-1000007
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...
Knockpy - Enumerate Subdomain Scanner
Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the...
CVE-2017-7667
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin...
Cross-site Scripting (XSS)
nifi-jetty is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary JavaScript because the library does have the sufficient response headers to only allow framing from the same origin...
McAfee Network Data Loss Prevention Information Disclosure Vulnerability (CNVD-2017-07548)
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention NDLP has a Web server information leakage vulnerability in the server implementation, which can be exploited by remote attackers to exploit other vulnerabilities via the HTTP response...
Weblate: HttpOnly Flag not set
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this application then the cookie will be accessible and can be transmitted to another site. HTTP/1.1 200 OK Server: nginx Date: Wed, 26 Apr 2017 08:27:17...
Backup Directory
A common practice when administering web applications is to create a copy/backup of a particular directory prior to making any modification. Another common practice is to add an extension or change the name of the original directory to signify that it is a backup examples include .bak, .orig,...
Common Files Detection
Scanner has detected common sensitive files on the remote web server. Web applications are often made up of multiple files and directories. It is possible that over time some files may become unreferenced unused by the web application and forgotten about by the administrator or developer. Because...
Backup File
A common practice when administering web applications is to create a copy/backup of a particular file or directory prior to making any modification to the file. Another common practice is to add an extension or change the name of the original file to signify that it is a backup examples include...
Shopify: Stored XSS in https://productreviews.shopifyapps.com/proxy/v4/reviews/product
Hi , I have found a stored XSS issue in https://productreviews.shopifyapps.com Details: Going to https://productreviews.shopifyapps.com/proxy/v4/reviews/product?productid=8254331011&version=v4&shop=zh5403-attacker.myshopify.com&=cache&callback=test will show you the details of a product with the ...
Red Hat JBoss Enterprise Application Platform HTTP Header Injection Vulnerability
Red Hat JBoss Enterprise Application Platform EAP is the United States Red Hat Red Hat company's set of open source, J2EE-based middleware platform. The platform is mainly used to build, deploy and host Java applications and services. An HTTP header injection vulnerability exists in Red Hat JBoss...
Silver Stripe CMS: source code security analysis report
Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...
Moodle: source code security analysis report
Several vulnerabilities were discovered in Moodle 'Moodle' software: File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Incorrect Newline Symbol Filtration in HTTP-response Headers Using Insufficiently Random Generators in Cryptography HttpOnly Cooki...
WooCommerce plugin for WordPress: source code security analysis report
Several vulnerabilities were discovered in WooThemes 'WooCommerce plugin for WordPress' software: File System Path Manipulation Using Global Variables Incorrect Newline Symbol Filtration in HTTP-response Headers Hardcoded Credentials...