48 matches found
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service ReDoS. The vulnerability exists through overly greedy regular expressions when parsing the browsers' user agent strings...
April 7, 2020, update for OneNote 2016 (KB4475586)
April 7, 2020, update for OneNote 2016 KB4475586 This article describes update 4475586 for Microsoft OneNote 2016 that was released on April 7, 2020. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to...
Rbuster - Yet Another Dirbuster
yet another dirbuster Common Command line options -a - specify a user agent string to send in the request -c - use this to specify any cookies that you might need simulating auth. header. -f - force processing of a domain with wildcard results. -l - show the length of the response. -r - follow...
SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:2345-2)
This update for webkit2gtk3 fixes the following issues : Updated to version 2.24.4 bsc1148931. Security issues fixed : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615...
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:2345-1)
This update for webkit2gtk3 fixes the following issues : Updated to version 2.24.4 bsc1148931. Security issues fixed : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615...
Input validation
Improper administrator IP validation after his login in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...
CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $SERVER'PHPSELF' to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
Design/Logic Flaw
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $SERVER'PHPSELF' to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
ua-parser-js npm module ReDoS
This module exploits a Regular Expression Denial of Service vulnerability in the npm module "ua-parser-js". Server-side applications that use "ua-parser-js" for parsing the browser user-agent string will be vulnerable if they call the "getOS" or "getResult" functions. This vulnerability was fixed...
Mail.ru: XSS on account.mail.ru/login
Уязвимость на станице https://account.mail.ru/login и подготовка файлов для атаки --------------------- В процессе исследования заметил, что на странице https://account.mail.ru/login не валидируется значение параметра v. Значение выводится на странице как есть и используется в пути до скрипта...
Explained: user agent
If you are the kind of person that uses different browsers or different devices to access websites, you may have noticed that many sites can look quite different depending on which browser you are using. When your browser sends a request to a website, it identifies itself with the user agent stri...
JAVA serialization and deserialization and vulnerability remediation-vulnerability warning-the black bar safety net
Last week, the network security personnel once again in the Black production before being tumbled, Joomla exposure to high-risk 0Day vulnerabilities, without requiring a user login will be able to trigger. Joomla vulnerability in the official release of the upgrade version and before the patch, i...
JAVA serialization and deserialization, as well as vulnerability remediation-vulnerability warning-the black bar safety net
Last week, the network security personnel once again in the Black production before being tumbled, Joomla exposure to high-risk 0Day vulnerabilities, without requiring a user login will be able to trigger. Joomla vulnerability in the official release of the upgrade version and before the patch, i...
Joomla then exposed to high-risk 0day vulnerability for remote command execution-vulnerability warning-the black bar safety net
Joomla security team emergency release of the 3. 4. 6 version fixes a high-risk 0day vulnerability. It is reported that the vulnerability from being found to the security patches released, it has been more than two days, at present also has been through other channels in the spread. You can...
Microsoft repair SharePoint 2 0 1 3 XSS vulnerabilities-the vulnerabilities and early warning-the black bar safety net
SharePoint is the Microsoft Office Suite in a tool for individuals and companies to create a portal page. The vulnerabilityCVE-2 0 1 5-2 5 2 2by FortiNet's FortiGuard Labs security researchers discovered the vulnerability affects SharePoint 2 0 1 3 15.0.4571.1502 early version. SharePoint is a...
UBUNTU-CVE-2014-2329
Multiple cross-site scripting XSS vulnerabilities in CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the 1 agent string for a checkmk agent, a 2 crafted request to a monitored host, which is not properly handled by the...
[CVE-2015-2926] XSS vuln in phpTrafficA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: The user agent string provided by the browser is not sanitized nor escaped when handled. This string ...
phpTrafficA 2.3 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: The user agent string provided by the browser is not sanitized nor escaped when handled. This string ...
Netsparker v3.5 - Web Application Security Scanner
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...