Lucene search

450 matches found

CVE
added 2017/07/12 12:00 a.m., 48 views

CVE-2017-11180

CVE-2017-11180 affects FineCMS up to 2017-07-11; the issue is a stored XSS in the logging functionality. The payloads demonstrated involve (1) the User-Agent header of HTTP requests and (2) the username entered on the login screen. The root cause is that log processing allows XSS content to be st...

6.1 CVSS, 5.9 AI score, 0.00632 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2017/07/12 12:00 a.m., 29 views

CVE-2017-11180

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen...

6 AI score, 0.00632 EPSS
Exploits: 0, References: 1

0day.today
added 2017/05/31 12:00 a.m., 59 views

OV3 Online Administration 3.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a...

7.1 AI score
Exploits: 0

NVD
added 2017/05/21 6:29 p.m., 16 views

CVE-2017-9101

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file...

9.8 CVSS, 9.6 AI score, 0.76742 EPSS
Exploits: 3, References: 2

Cvelist
added 2017/05/21 6:00 p.m., 25 views

CVE-2017-9101

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file...

9.7 AI score, 0.76742 EPSS
Exploits: 3, References: 2

OSV
added 2017/03/15 4:59 p.m., 2 views

CVE-2016-7955

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report...

9.8 CVSS, 6 AI score, 0.06407 EPSS
Exploits: 2, References: 3

Node.js
added 2017/02/09 8:11 p.m., 56 views

ReDoS via long UserAgent header

Overview: Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed. Proof of Concept: var useragent = require('useragent'); var badUserAgent = 'MSIE 0.0'+Array(900000).join('0')+'XBLWP'; var request = 'GET /...

5 CVSS, 3.8 AI score, 0.01162 EPSS
Exploits: 1, Affected Software: 1

exploitpack
added 2016/11/02 12:00 a.m., 37 views

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the...

4.3 CVSS, 0.2 AI score, 0.17058 EPSS
Exploits: 5

0day.today
added 2016/11/02 12:00 a.m., 53 views

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Curre...

4.3 CVSS, 6.4 AI score, 0.17058 EPSS
Exploits: 5

Packet Storm
added 2016/11/02 12:00 a.m., 30 views

Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site Google, in this...

4.3 CVSS, 6.3 AI score, 0.17058 EPSS
Exploits: 5

Exploit DB
added 2016/11/02 12:00 a.m., 36 views

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site Google, in this...

6.1 CVSS, 6.5 AI score, 0.17058 EPSS
Exploits: 5

OSV
added 2016/10/28 3:59 p.m., 3 views

CVE-2016-8581

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...

6.1 CVSS, 5.8 AI score
Exploits: 0, References: 3

Prion
added 2016/10/28 3:59 p.m., 12 views

Cross site scripting

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...

4.3 CVSS, 6 AI score, 0.17058 EPSS
Exploits: 5, References: 3, Affected Software: 2

Cvelist
added 2016/10/28 3:00 p.m., 25 views

CVE-2016-8581

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...

6 AI score, 0.17058 EPSS
Exploits: 5, References: 3

CVE
added 2016/10/28 3:00 p.m., 61 views

CVE-2016-8581

CVE-2016-8581 is a stored XSS vulnerability in the User-Agent header of the login process of AlienVault OSSIM/USM up to version 5.3.1, allowing an attacker to steal session IDs when an admin views current sessions. Root cause: improper handling of the User-Agent header enabling script injection. ...

6.1 CVSS, 5.9 AI score, 0.17058 EPSS
Exploits: 5, References: 3, Affected Software: 2

CNVD
added 2016/10/27 12:00 a.m., 4 views

Alienvault OSSIM and USM Cross-Site Scripting Vulnerabilities

AlienVault OSSIM and USM are both products of AlienVault Corporation, U.S.A. OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and threat awareness system. A cross-site...

6.1 CVSS, 5.9 AI score, 0.17058 EPSS
Exploits: 5, References: 1

Packet Storm
added 2016/04/13 12:00 a.m., 51 views

OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS

OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability Vendor: Innovation Gate GmbH Product web page: https://www.openwga.com Affected version: OpenWGA Content Manager 7.1.9 Build 230 OpenWGA Admin Client 7.1.7 Build 82 OpenWGA Server 7.1.9 Maintenance Release Build 642 Summary:...

7.4 AI score
Exploits: 0

NVD
added 2016/04/11 7:59 p.m., 18 views

CVE-2015-0265

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

6.1 CVSS, 6.1 AI score, 0.04853 EPSS
Exploits: 1, References: 4

Prion
added 2016/04/11 7:59 p.m., 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

4.3 CVSS, 6.1 AI score, 0.04853 EPSS
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2016/04/11 7:00 p.m., 29 views

CVE-2015-0265

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

6.1 AI score, 0.04853 EPSS
Exploits: 1, References: 4