151 matches found
CVE-2020-29144
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or...
Cross site scripting
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or...
CVE-2020-29144
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or...
Ericsson BSCS iX R18 Billing & Rating Cross-Site Scripting Vulnerability
Ericsson Ericsson BSCS iX R18 Billing & Rating is a web platform for telecom billing from Ericsson, Sweden. Ericsson BSCS iX R18 Billing & Rating iX R18 suffers from a cross-site scripting vulnerability that originates in the ADMX web base module and is susceptible to stored XSS via the name or...
CVE-2020-6876
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
CVE-2020-6876
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
Cross site scripting
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
CVE-2020-6876
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
Amazon Linux AMI : squid (ALAS-2020-1386)
The version of squid installed on the remote host is prior to 3.5.20-15.39. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1386 advisory. An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gai...
Yii2 Gii Remote Code Execution
This article is written specifically for web developers who use a module. We will tell you how we got access to sensitive data on a staging server through Yii2 Gii Remote Code: First to the testing environment, and then to the production. Spoiler: We have notified the module developer about the...
Security Bulletin: ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)
Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is bundled by IBM Rational Application Developer for WebSphere Software. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more...
PhantomJS Arbitrary File Read Vulnerability
PhantomJS is a headless browser for automating web interactions. A security vulnerability exists in the 'page.open' function of the web module in PhantomJS 2.1.1 and earlier versions. The vulnerability can be exploited by an attacker to read arbitrary files on the file system with the help of...
USN-4059-1 squid, squid3 vulnerabilities
It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-19132 It was discovered that Squid incorrect...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
Design/Logic Flaw
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
UBUNTU-CVE-2019-13345
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
GAT-Ship Web Module 1.30 Information Disclosure Vulnerability
Exploit for multiple platform in category web applications GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...
CVE-2019-12163
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via in a ws/gatshipWs.asmx/SqlVersion request...