
6719 matches found

CNVD
added 2017/06/23 12:0 a.m. | 2 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-15836)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco. A cross-site scripting vulnerability exists in the Web Framework in Cisco Firepower Management Center 5.4.1 and prior versions, which arises from the program failing to...

CVSS 5.4 | AI score 6.7 | EPSS 0.00642
Exploits 0 | References 1
0day.today
added 2017/06/15 12:0 a.m. | 72 views

HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution Exp

Exploit for hardware platform in category remote exploits Create a bind shell on an unpatched OfficeJet 8210 Write a script to profile.d and reboot the device. When it comes back online then nc to port 1270. easysnmp instructions: sudo apt-get install libsnmp-dev pip install easysnmp import socke...

AI score 9.2 | EPSS 0.84886
Exploits 6
Microsoft CVE
added 2017/06/13 7:0 a.m. | 41 views

Microsoft Outlook Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...

CVSS 9.3 | AI score 2.6 | EPSS 0.19605
Exploits 0
Japan Vulnerability Notes
added 2017/06/13 5:11 a.m. | 2 views

Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"

Overview: The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability (CWE-79). Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

CVSS 6.1 | AI score 6 | EPSS 0.01432
Exploits 0 | References 7
Japan Vulnerability Notes
added 2017/06/12 4:36 a.m. | 6 views

Cybozu KUNAI for Android vulnerable to cross-site scripting

Overview: Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability (CWE-79) due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...

CVSS 6.1 | AI score 6 | EPSS 0.00762
Exploits 0 | References 5
Exploit DB
added 2017/05/30 12:0 a.m. | 59 views

Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1258 MsMpEng's JS engine uses garbage collection to manage the lifetime of Javascript objects. During mark and sweep the GC roots the vectors representing the JS stack as well as a few other hardcoded objects, traversing reachable...

AI score 7
Exploits 0
Exploit DB
added 2017/05/25 12:0 a.m. | 21 views

WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation

pageCacheState != Document::InPageCache ... mframe.document-prepareForDestruction; removeFocusedNodeOfSubtreemframe.document; ... mframe.setDocumentnullptr; domWindow; Click anywhere. function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; window.onclick = =...

AI score 7.4
Exploits 0
Packet Storm
added 2017/05/25 12:0 a.m. | 40 views

WebKit FrameLoader::clear Variable Theft

WebKit: Stealing variables via page navigation in FrameLoader::clear CVE-2017-2515 void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; mneedsClear = false; if...

AI score 0.4 | EPSS 0.04683
Exploits 2
CNVD
added 2017/05/24 12:0 a.m. | 1 view

Pi Engine Cross-Site Scripting Vulnerability

PI Engine is an open-source CMS that is widely used within some Internet companies. A cross-site scripting vulnerability exists in PI Engine, which stems from the program failing to properly validate user-supplied input. When an unsuspecting user browses the affected site, an attacker...

CVSS 6.1 | AI score 6.9 | EPSS 0.0098
Exploits 0 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 1 view

Multiple vulnerabilities in FortiPortal (CNVD-2017-10722)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

CVSS 9.8 | AI score 7.6 | EPSS 0.01249
Exploits 0 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 1 view

IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-08125)

IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Curam Social Program Management suffers from a cross-site scripting vulnerability that originates from the program faili...

CVSS 5.4 | AI score 6.8 | EPSS 0.00516
Exploits 0 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 1 view

NetComm NB16WV-02 HTML Injection Vulnerability

The NetComm NB16WV-02 is a router product from NetComm Australia. The NetComm NB16WV-02 suffers from an HTML injection vulnerability that originates when a program fails to properly validate user-supplied input. When an unknowing user browses the affected site, an attacker could exploit the...

CVSS 5.4 | AI score 7.9 | EPSS 0.00872
Exploits 1 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 2 views

SAP Enterprise Portal Cross-Site Scripting Vulnerability

SAP Enterprise Portal is an enterprise portal developed by SAP on the NetWeaver platform, which contains content management, single sign-on, knowledge management, collaborative work, full-text search and other modules. A cross-site scripting vulnerability exists in SAP Enterprise...

AI score 6.7
Exploits 0 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 4 views

Multiple vulnerabilities in FortiPortal (CNVD-2017-10727)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

CVSS 6.1 | AI score 7.6 | EPSS 0.00665
Exploits 0 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 3 views

Multiple vulnerabilities in FortiPortal (CNVD-2017-10725)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

CVSS 7.5 | AI score 7.6 | EPSS 0.01159
Exploits 0 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 2 views

Multiple vulnerabilities in FortiPortal (CNVD-2017-10723)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

CVSS 6.1 | AI score 7.6 | EPSS 0.00672
Exploits 0 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 3 views

Multiple vulnerabilities in FortiPortal

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

CVSS 9.1 | AI score 7.6 | EPSS 0.01062
Exploits 0 | References 1
CNVD
added 2017/05/24 12:0 a.m. | 3 views

Multiple vulnerabilities in FortiPortal (CNVD-2017-10726)

FortiPortal is Fortinet's advanced, feature-rich hosted security analytics and management enabler that serves as an MSP for VM software solutions/products that can be deployed on hosted service infrastructures. FortiPortal has multiple security vulnerabilities. The vulnerabilities can be exploite...

CVSS 7.5 | AI score 7.6 | EPSS 0.01098
Exploits 0 | References 1
CNVD
added 2017/05/20 12:0 a.m. | 1 view

Pivotal RabbitMQ Product Cross-Site Scripting Vulnerability

Pivotal RabbitMQ and RabbitMQ for PCF are both products of the American company Pivotal Software. The former is open source message broker software that implements the Advanced Message Queuing Protocol (AMQP), and the latter is an open source messaging server used to support data monitorin...

CVSS 6.1 | AI score 6.6 | EPSS 0.03329
Exploits 0 | References 1
Japan Vulnerability Notes
added 2017/05/19 12:0 a.m. | 36 views

JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use Empirical Project Monitor - eXtended. The...

CVSS 6.1 | AI score 6.1 | EPSS 0.01195
Exploits 0