678 matches found
Design/Logic Flaw
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...
CVE-2017-15911
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...
IceWarp Server webmail component cross-site scripting vulnerability
IceWarp Server is a mail server product from IceWarp USA. The product supports email archiving, SmartAttach attachments, automatic migration, etc. webmail component is one of the mailbox components. A cross-site scripting vulnerability exists in the 'language' parameter of the webmail component i...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04607)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in the affiliate-preview.php file in www/admin in versions prior t...
CVE-2017-6549
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before...
Investors Application Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Shareholder Investor Relations. A remote attacker can manipulate client requests to obtain a user's session...
TrendMicro SSO Redirect / Session Theft
Document Title: =============== Trend Micro SSO - Backend SSO Redirect & Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1694 Trand Micro ID: 1-1-1035080936 Release Date: ============= 2016-03-31 Vulnerability Laboratory ID VL-ID:...
Apache Solr < 4.10.5 'plugin.js' XSS
Binary data 8974.prm...
Monsta FTP 1.6.2 - Multiple Vulnerabilities
Monsta FTP version 1.6.2 suffers from cross site request forgery and cross site scripting vulnerabilities. Exploit Title: CSRF XSS Monsta FTP Google Dork: intitle: Monsta FTP CSRF / XSS Date: 2015-09-11 Exploit Author: hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.monstaftp.com...
IBM Leads Cross-Site Request Forgery Vulnerability (CNVD-2015-04109)
IBM Leads is a solution from IBM USA for improving the customer management process. The program provides functions such as finding prospects, assigning customers and sending notifications of new customer information. A cross-site request forgery vulnerability exists in IBM Leads. A remote attacke...
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
SEC Consult Vulnerability Lab Security Advisory 20150113-1 ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...
SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Cross Site Flashing Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908647 0 Abstract: -------------...
Aerohive HiveOS 5.1r5 - 6.1r5 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions...
Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities
Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions...
Aerohive HiveOS 5.1r5 < 6.1r5 - Multiple Vulnerabilities
Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions Description ================ Aerohive version 5.1r5 through...
ClusterMaps - Cross Site Scripting Vulnerability
Document Title: =============== ClusterMaps - Cross Site Scripting Vulnerability Release Date: ============= 2011-07-25 Vulnerability Laboratory ID VL-ID: ==================================== 135 Product & Service Introduction: =============================== Do you know your audience? You will...
PT-2009-15 Living CMS Cross-Site Scripting Vulnerability
Living CMS is a content management system CMS software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material HTML documents and their associated images. Vulnerability Description Positive...
Hiki cross-site scripting vulnerability
Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...
Hiki cross-site scripting vulnerability
Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...
rsa-xss.txt
The following security report has been sent to RSA/EMC on the 2/10/2007 and confirmed by them. RSA took action to alert their customers. ----------------------------------------- Description The WebID authentication framework suffers from a flow allowing to steal an authenticated users's session ...