Lucene search
K

897 matches found

Exploit DB
Exploit DB
added 2014/07/02 12:0 a.m.18 views

Zurmo CRM - Persistent Cross-Site Scripting

Affected software: Zurmo CRM Zurmo is an Open Source Customer Relationship Management CRM application that is mobile, social, and gamified. We use a test-driven methodology for building every part of the application. Type of vulnerability: XSS Stored URL: zurmo.com Discovered by: Provensec Websit...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2014/04/22 4:57 p.m.29 views

StopTheHacker: XSS Reflected - https://www.stopthehacker.com/

Hi. I want to report a Reflected xss vulnerability that I found in www.stopthehacker website and which can affect the safety of your users. This vulnerability allows an attacker to inject in web pages javascript content for sending malicious scripts to an unsuspecting user. This flaw can access a...

Exploits0
Hacker One
Hacker One
added 2014/03/04 3:8 p.m.14 views

OkCupid: Stored XSS on your site..

Affected site: http://www.okcupid.com/ Vulnerability:XSS. Severity:Medium/High. Description: Cross site scripting also referred to as XSS is a vulnerability that allows an attacker to send malicious code usually in the form of Javascript to another user. Because a browser cannot know if the scrip...

6.7AI score
Exploits0
Metasploit
Metasploit
added 2014/02/03 3:30 p.m.35 views

DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials

This module will extract user credentials from DoliWamp - a WAMP packaged installer distribution for Dolibarr ERP on Windows - versions 3.3.0 to 3.4.2 by hijacking a user's session. DoliWamp stores session tokens in filenames in the 'tmp' directory. A directory traversal vulnerability in...

0.4AI score
Exploits0
OpenVAS
OpenVAS
added 2013/12/26 12:0 a.m.34 views

TYPO3 Multiple Vulnerabilities (Jan 2009)

TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...

10CVSS7.6AI score0.09442EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2013/09/05 11:22 a.m.13 views

Yahoo Fantasy Football Mobile App Vulnerable to Attack

All but the most recent version of the mobile application for Yahoo’s popular fantasy football service are vulnerable to a session hijack attack in which an unauthenticated person could remotely change team lineups, post messages and perform other mischief on behalf of the legitimate user...

0.3AI score
Exploits0References3
The Hacker News
The Hacker News
added 2013/02/01 8:1 p.m.7 views

Hackers breach Twitter and 250,000 accounts compromised

In recent The Hacker News updates, we have reported about some major hacking events and critical vulnerabilities i.e Cyber attack and spying on The New York Times and Wall Street Journal by Chinese Hackers, Security Flaws in UPnP protocol, Botnet attack hack 16,000 Facebook accounts, 700,000...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2012/12/28 1:45 a.m.14 views

Vulnerability in HTC website allow attacker to hijack accounts

Thamatam Deepak Mr.47™ reported a Cross site scripting XSS Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with 'The Hacker News' researcher Mohit Kumar this month...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2012/11/13 5:16 p.m.3 views

XSS Vulnerability in Apple website

A 16 years old Spanish Whitehat hacker going by name "The Pr0ph3t" found XSS Vulnerability on Apple website. The Vulnerability reported in Apple subdomain - https://locate.apple.com, where users can choose a service center location. About Cross site scripting : Cross-Site Scripting attacks are a...

6AI score
Exploits0
NVD
NVD
added 2012/08/22 10:42 a.m.15 views

CVE-2012-4583

McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard...

4CVSS6.4AI score0.00937EPSS
Exploits0References2
Prion
Prion
added 2012/08/22 10:42 a.m.13 views

Session fixation

McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard...

4CVSS6.9AI score0.00937EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2012/08/22 10:0 a.m.19 views

CVE-2012-4583

McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard...

6.4AI score0.00937EPSS
Exploits0References2
securityvulns
securityvulns
added 2012/07/09 12:0 a.m.39 views

ESA-2012-026: RSA Access Manager Session Replay Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-026: RSA Access Manager Session Replay Vulnerability EMC Identifier: ESA-2012-026 CVE Identifier: CVE-2012-2281 Severity Rating: CVSSv2 Base Score: 6. 8 AV:A/AC:H/Au:N/C:C/I:C/A:C Affected Products: RSA Access Manager Server version 6.0.x RSA...

6.8CVSS0.2AI score0.0068EPSS
Exploits0
NVD
NVD
added 2012/07/05 2:55 p.m.14 views

CVE-2012-2281

EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors...

6.8CVSS6.7AI score0.0068EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/07/05 2:0 p.m.24 views

CVE-2012-2281

EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors...

6.7AI score0.0068EPSS
Exploits0References2
CVE
CVE
added 2012/07/05 2:0 p.m.44 views

CVE-2012-2281

CVE-2012-2281 affects EMC RSA Access Manager Server 6.x (before 6.1 SP4) and RSA Access Manager Agent. The root cause is improper invalidation/validation of session tokens after a user logs out, which can let an attacker replay a valid session via unspecified vectors. The impact is that remote at...

6.8CVSS6.9AI score0.0068EPSS
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2012/04/02 12:0 a.m.41 views

NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens

High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Reflective XSS allowing an attacker to gain session tokens Versions affected: All versions...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2012/04/02 12:0 a.m.101 views

NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked

Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...

0.5AI score
Exploits0
erpscan
erpscan
added 2011/08/04 12:0 a.m.30 views

SAP Internet Sales - XSS

Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: High Exploits: YES Reported: 08.04.2011 Vendor response: 08.04.2011 Date of Public Advisory: 17.02.2012 Reference: SAP Security Note 1583300 Description SAP NetWeaver 7.0 Internet Sales crm.b2b has XSS vulnerability. Business Risk An attacker...

6.1AI score
Exploits0
erpscan
erpscan
added 2011/08/04 12:0 a.m.24 views

SAP NetWeaver Internet Sales-Multiple XSS - 2

Application: SAP NetWeaver Vendor URL: Bugs: XSS Risk: Medium Exploits: YES Reported: 08.04.2011 Vendor response: 10.04.2011 Patched: 13.11.2011 Date of Public Advisory: 13.03.2012 Reference: SAP Security Note 1584030 Author: Dmitriy Chastuchin ERPScan Description SAP NetWeaver Internet...

6.1AI score
Exploits0
Rows per page
Query Builder