6723 matches found
Nakid CMS HTML Injection Vulnerability
Nakid CMS is an open source content management system (CMS) based on PHP and CodeIgniter. Nakid CMS suffers from an HTML injection vulnerability that could be exploited to allow an attacker to execute supplied HTML and script code in the context of an affected browser, which could allow an attacker...
Cisco IOS TCL Interpreter Privilege Elevation Vulnerability
Cisco IOS is an operating system developed by Cisco for its network devices. A security vulnerability exists in the Cisco IOS TCL interpreter due to the program failing to properly maintain the 'vty' state. A local attacker could exploit the vulnerability to gain privileges by opening a...
wpa_supplicant security and enhancement update
1:2.0-17 - AP WMM: Fix integer underflow in WMM Action frame parser rh 1221178 rh 1222015 1:2.0-16 - P2P: Validate SSID element length before copying it CVE-2015-1863 1:2.0-15 - Add domainmatch config option from upstream rh 1178263 - Include peer certificate in EAP events for use by clients...
Multiple Cross-Site Scripting Vulnerabilities in Ektron CMS
Ektron CMS is a content management system. Multiple cross-site scripting vulnerabilities exist in Ektron CMS due to the program failing to adequately filter user-submitted input. The vulnerabilities could be exploited to allow an attacker to steal cookie-based authentication credentials and execu...
Cisco Unified MeetingPlace Cross-Site Scripting Vulnerability (CNVD-2015-03644)
Cisco Unified MeetingPlace is a set of multimedia conferencing solutions from the United States company Cisco. The solution provides a user environment that integrates voice, video and Web conferencing. A cross-site scripting vulnerability exists in Cisco Unified MeetingPlace due to the program...
NetFlow Analyzer vulnerable to cross-site scripting
Overview: NetFlow Analyzer provided by Zoho Corporation contains a cross-site scripting vulnerability. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may...
Multiple HTML Injection Vulnerabilities in Dolibarr
Dolibarr is a web-based open source ERP and CRM system. Dolibarr suffers from multiple HTML injection vulnerabilities due to the program failing to adequately filter user-submitted input. The vulnerabilities could be exploited to allow an attacker to execute arbitrary script code in the context ...
ZenPhoto20 vulnerable to cross-site scripting
Overview: ZenPhoto20 is a content management system (CMS). ZenPhoto20 contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Apache Sling API and Servlets Post components vulnerable to cross-site scripting
Overview: Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and the generation of the job completion. MORI Shingo...
D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting
#!/usr/bin/perl Date (dd-mm-yyyy): 13-02-2015. Exploit for D-Link DSL-500B G2 Cross Site Scripting (XSS) Injection Stored in todmngr.tod URL Filter. Developed by Mauricio Corrêa, XLabs Information Security. WebSite: www.xlabs.com.br. CAUTION! This exploit disables some features of the modem, forcing the...
Fortinet FortiAnalyzer 'sql-query' Cross-Site Scripting Vulnerability
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fortinet. The solution is mainly used to collect network log data and, through its reporting suite, to take the security events, network traffic, Web content, etc. in the logs and analyze, report,...
JVN#07538357: EasyCTF vulnerable to cross-site scripting
EasyCTF is a server-side CGI used to score CTF (Capture The Flag). EasyCTF contains a cross-site scripting vulnerability (CWE-79) that can be leveraged by an attacker-created account. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the late...
[SECURITY] Fedora 21 Update: groovy-sandbox-1.8-1.fc21
This project defines a Groovy CompilationCustomizer, which allows a program to execute Groovy script in a restricted sandbox environment. It is useful for applications that want to provide some degree of scriptability to users, without allowing them to execute System.exit(0) or any other undesirabl...
WordPress Floating Social Bar Plugin HTML Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An HTML injection vulnerability exists in the WordPress Floating Social Bar plugin. This vulnerability allows attackers to...
Group Policy Script Execution From Shared Resource
This is a general-purpose module for exploiting systems with Windows Group Policy configured to load VBS startup/logon scripts from remote locations. This module runs an SMB shared resource that will provide a payload through a VBS file. Startup scripts will be executed with SYSTEM privileges, whi...
Mozilla Thunderbird < 31.6 Multiple Vulnerabilities
The version of Thunderbird installed on the remote Windows host is prior to 31.6. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy...
Softwebs Nepal Fast Chat 'loginprg.asp' Cross-Site Scripting Vulnerability
Softwebs Nepal Fast Chat is a chat software package developed by the Softwebs Nepal team. A cross-site scripting vulnerability exists in Softwebs Nepal Fast Chat, which arises from the program's failure to adequately filter user-submitted input. When a user browses the affected site, their browser wi...
Multiple Websense Product Data Security Module Page Cross-Site Scripting Vulnerabilities
Websense, Inc. (NASDAQ: WBSN) is the world's leading provider of integrated Web, information and data security protection solutions. Multiple cross-site scripting vulnerabilities exist in the data security module pages of multiple Websense products due to the program failing to properly filter user-supplied input. The...
Unspecified Cross-Site Scripting Vulnerability in Multiple Websense Products
Websense, Inc. (NASDAQ: WBSN) is the world's leading provider of integrated Web, information and data security protection solutions. An unspecified cross-site scripting vulnerability exists in multiple Websense products due to the program failing to properly filter user-supplied input. The...
Unspecified Cross-Site Scripting Vulnerability in Multiple Websense Product DLP Incidents
Websense, Inc. (NASDAQ: WBSN) is the world's leading provider of integrated Web, information and data security protection solutions. Multiple Websense product DLP incidents contain an unspecified cross-site scripting vulnerability due to the program failing to properly filter user-supplied input. T...