897 matches found
Zurmo CRM - Persistent Cross-Site Scripting
Affected software: Zurmo CRM Zurmo is an Open Source Customer Relationship Management CRM application that is mobile, social, and gamified. We use a test-driven methodology for building every part of the application. Type of vulnerability: XSS Stored URL: zurmo.com Discovered by: Provensec Websit...
StopTheHacker: XSS Reflected - https://www.stopthehacker.com/
Hi. I want to report a Reflected xss vulnerability that I found in www.stopthehacker website and which can affect the safety of your users. This vulnerability allows an attacker to inject in web pages javascript content for sending malicious scripts to an unsuspecting user. This flaw can access a...
OkCupid: Stored XSS on your site..
Affected site: http://www.okcupid.com/ Vulnerability:XSS. Severity:Medium/High. Description: Cross site scripting also referred to as XSS is a vulnerability that allows an attacker to send malicious code usually in the form of Javascript to another user. Because a browser cannot know if the scrip...
DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
This module will extract user credentials from DoliWamp - a WAMP packaged installer distribution for Dolibarr ERP on Windows - versions 3.3.0 to 3.4.2 by hijacking a user's session. DoliWamp stores session tokens in filenames in the 'tmp' directory. A directory traversal vulnerability in...
TYPO3 Multiple Vulnerabilities (Jan 2009)
TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...
Yahoo Fantasy Football Mobile App Vulnerable to Attack
All but the most recent version of the mobile application for Yahoo’s popular fantasy football service are vulnerable to a session hijack attack in which an unauthenticated person could remotely change team lineups, post messages and perform other mischief on behalf of the legitimate user...
Hackers breach Twitter and 250,000 accounts compromised
In recent The Hacker News updates, we have reported about some major hacking events and critical vulnerabilities i.e Cyber attack and spying on The New York Times and Wall Street Journal by Chinese Hackers, Security Flaws in UPnP protocol, Botnet attack hack 16,000 Facebook accounts, 700,000...
Vulnerability in HTC website allow attacker to hijack accounts
Thamatam Deepak Mr.47™ reported a Cross site scripting XSS Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with 'The Hacker News' researcher Mohit Kumar this month...
XSS Vulnerability in Apple website
A 16 years old Spanish Whitehat hacker going by name "The Pr0ph3t" found XSS Vulnerability on Apple website. The Vulnerability reported in Apple subdomain - https://locate.apple.com, where users can choose a service center location. About Cross site scripting : Cross-Site Scripting attacks are a...
CVE-2012-4583
McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard...
Session fixation
McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard...
CVE-2012-4583
McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard...
ESA-2012-026: RSA Access Manager Session Replay Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-026: RSA Access Manager Session Replay Vulnerability EMC Identifier: ESA-2012-026 CVE Identifier: CVE-2012-2281 Severity Rating: CVSSv2 Base Score: 6. 8 AV:A/AC:H/Au:N/C:C/I:C/A:C Affected Products: RSA Access Manager Server version 6.0.x RSA...
CVE-2012-2281
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors...
CVE-2012-2281
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors...
CVE-2012-2281
CVE-2012-2281 affects EMC RSA Access Manager Server 6.x (before 6.1 SP4) and RSA Access Manager Agent. The root cause is improper invalidation/validation of session tokens after a user logs out, which can let an attacker replay a valid session via unspecified vectors. The impact is that remote at...
NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens
High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Reflective XSS allowing an attacker to gain session tokens Versions affected: All versions...
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
SAP Internet Sales - XSS
Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: High Exploits: YES Reported: 08.04.2011 Vendor response: 08.04.2011 Date of Public Advisory: 17.02.2012 Reference: SAP Security Note 1583300 Description SAP NetWeaver 7.0 Internet Sales crm.b2b has XSS vulnerability. Business Risk An attacker...
SAP NetWeaver Internet Sales-Multiple XSS - 2
Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: Medium Exploits: YES Reported: 08.04.2011 Vendor response: 10.04.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1584030 Author: Dmitriy Chastuchin ERPScan Description SAP NetWeaver Internet...