Lucene search
K

152 matches found

Openbugbounty
Openbugbounty
added 2015/12/12 9:1 p.m.12 views

yangjichemical.co.kr XSS vulnerability

Vulnerable URL: http://www.yangjichemical.co.kr/shoppopup/nicknamecheck.htm?nickname=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2015/12/09 10:48 a.m.15 views

bicyclewarehouse.com XSS vulnerability

Vulnerable URL: http://www.bicyclewarehouse.com/sitesearch.cfm?search=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E&goSiteSearch.x;=0&goSiteSearch.y;=0 Details: Description| Value ---|--- Patched:| Yes, at 25.01.2016 Latest check for patch:| 25.01.2016 15:39 GMT Vulnerability type:| XSS...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2015/11/24 7:13 p.m.15 views

imagefap.com XSS vulnerability

Vulnerable URL: http://www.imagefap.com/pictures/5811716/feet-close-ups-in-nylons-and-shoes-01?edit=1=5811716==2'%22%26%25prompt/XSSPOSED/...

6.9AI score
Exploits0
Cisco Threats
Cisco Threats
added 2014/11/18 4:18 p.m.10 views

Threat Outbreak Alert RuleID12469: Email Messages Distributing Malicious Software on November 17, 2014

Medium Alert ID: 36448 First Published: 2014 November 18 16:18 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12469 may contain the following files: Name |...

0.4AI score
Exploits0
Patchstack
Patchstack
added 2014/01/20 12:0 a.m.30 views

WordPress <= 3.0.1

wp-includes/comment.php does not properly whitelist trackbacks and pingbacks in the blogroll. In that way the attackers can bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match. Solution Update WordPress...

5.8CVSS4.6AI score0.0253EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2013/10/04 5:55 p.m.34 views

PYSEC-2013-21

The issafeurl function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting XSS or other vulnerabilities into Django applications that use this function, a...

4.3CVSS0.6AI score0.02297EPSS
Exploits0References14
The Hacker News
The Hacker News
added 2013/05/16 6:2 p.m.11 views

Facebook Hacking, technique to Spoof the content of any Facebook App

There are many unpatched loopholes or flaws in Facebook website, that allow hackers to inject external links or images to a wall, hijacking any facebook account or bypassing your social privacy. Today we are going to report about another unfixed facebook app vulnerability that allow a hacker to...

6.8AI score
Exploits0
RubySec
RubySec
added 2013/04/01 12:0 a.m.21 views

ldoce Gem for Ruby MP3 URL Shell Metacharacter Injection Arbitrary Command Execution

ldoce Gem for Ruby contains a flaw that is triggered during the handling of a specially crafted URL or filename for MP3 files that have shell metacharacters injected in to it. This may allow a context-dependent attacker to execute arbitrary commands...

6.8CVSS7.1AI score0.01959EPSS
Exploits1References1
Atlassian
Atlassian
added 2013/02/06 9:54 p.m.423 views

Not being able to create webhooks with basic authentication.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-31953. panel Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5...

Exploits0Affected Software1
Atlassian
Atlassian
added 2013/02/06 9:54 p.m.55 views

Not being able to create webhooks with basic authentication.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-31953. panel Using the procedures to use basic auth described on...

Exploits0Affected Software1
The Hacker News
The Hacker News
added 2012/10/20 4:29 p.m.16 views

DarkBot Malware Circulation very fast via Skype

Two weeks back we reported that Security firm Trend Micro discovered a worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. This malware is spreading through a question/ phrase sent to the users by someone and the question is:...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/07/23 12:0 a.m.42 views

Mozilla Thunderbird 13.x < 13 Multiple Vulnerabilities

Binary data 801366.prm...

10CVSS9.8AI score0.05488EPSS
Exploits0References30
RedHat Linux
RedHat Linux
added 2012/07/17 7:21 p.m.3 views

Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting XSS protection mechanisms via a feed:javascript: URL...

4.3CVSS7.3AI score0.02219EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2012/04/02 12:0 a.m.6 views

Adobe Flash Player URL Security Domain Checking Code Execution (APSB12-07; CVE-2012-0772)

A memory corruption vulnerability has been reported in Adobe Flash Player...

6.6AI score0.05896EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2012/03/30 12:0 a.m.36 views

Adobe AIR 3.x <= 3.1.0.4880 Multiple Memory Corruption Vulnerabilities (APSB12-07)

According to its version, the instance of Adobe AIR 3.x on the remote Windows host is 3.1.0.4880 or earlier and is reportedly affected by several critical memory corruption vulnerabilities : - Memory corruption vulnerabilities related to URL security domain checking. CVE-2012-0772 - A flaw in the...

10CVSS6.3AI score0.05896EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2012/03/30 12:0 a.m.35 views

Flash Player <= 10.3.183.16 / 11.1.102.63 Multiple Memory Corruption Vulnerabilities (APSB12-07)

According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.16 or 11.x equal to or earlier than 11.1.102.63. It is, therefore, reportedly affected by several critical memory corruption vulnerabilities : - Memory corruption...

10CVSS6.3AI score0.05896EPSS
Exploits2References8
Prion
Prion
added 2012/03/28 7:55 p.m.19 views

Memory corruption

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...

10CVSS8.1AI score0.05896EPSS
Exploits1References6Affected Software2
UbuntuCve
UbuntuCve
added 2012/03/28 7:55 p.m.33 views

CVE-2012-0772

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...

10CVSS6AI score0.05896EPSS
Exploits1References2
Cvelist
Cvelist
added 2012/03/28 7:0 p.m.23 views

CVE-2012-0772

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...

7.6AI score0.05896EPSS
Exploits1References6
xssed
xssed
added 2012/03/02 12:0 a.m.10 views

Unfixed XSS vulnerability at www.ancyl.org.za

Security researcher 03storic, has submitted on 03/02/2012 a cross-site-scripting XSS vulnerability affecting www.ancyl.org.za, which at the time of submission ranked 1272652 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/02/2012. It is...

6.6AI score
Exploits0References1
Rows per page
Query Builder