15 matches found

RedhatCVE
added 2025/05/22 8:58 a.m., 4 views

CVE-2019-9809

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This...

7.5 CVSS, 6.1 AI score, 0.01641 EPSS
Exploits 1, References 1
OSV
added 2024/03/06 10:53 a.m., 21 views

BIT-GRAFANA-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

6.4 CVSS, 5.3 AI score, 0.01027 EPSS
Exploits 1, References 4
RedhatCVE
added 2023/06/13 3:35 p.m., 22 views

CVE-2023-2183

A flaw was found in grafana. This issue may allow a malicious user to craft a request to the API that enables them to send alert messages via the "API Alert - Test"...

4.3 CVSS, 6.1 AI score, 0.01027 EPSS
Exploits 1, References 4
OSV
added 2023/06/06 9:30 p.m., 21 views

GHSA-WM7R-3QXJ-5XGQ Duplicate Advisory: Grafana Improper Access Control vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cvm3-pp2j-chr3. This link is maintained to preserve external references. Original Description Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available...

4.1 CVSS, 5.3 AI score, 0.01027 EPSS
Exploits 1, References 5
Prion
added 2021/06/15 8:15 p.m., 16 views

Cross site scripting

A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account...

3.5 CVSS, 5.5 AI score, 0.00615 EPSS
Exploits 1, References 1, Affected Software 1
OpenVAS
added 2021/03/05 12:0 a.m., 12 views

Joomla! 2.5.0 - 3.9.24 Multiple XSS Vulnerabilities

Joomla! is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1 CVSS, 5.7 AI score, 0.00942 EPSS
Exploits 0, References 2
Joomla! Vulnerable Extensions List
added 2020/05/07 12:0 a.m., 24 views

[20210303] - Core - XSS within alert messages showed to users

Missing filtering of messages showed to users that could lead to xss issues...

6.1 CVSS, 7.6 AI score, 0.00942 EPSS
Exploits 0, Affected Software 1
CNVD
added 2020/02/04 12:0 a.m., 3 views

OSSEC-HIDS ossec-alert message denial of service vulnerability

OSSEC-HIDS is an open source intrusion detection tool. The OSSEC-HIDS log analysis component handles ossec-alert formatted messages with a security vulnerability that allows remote attackers to exploit the vulnerability by submitting special requests that can be used for denial-of-service attacks...

9.8 CVSS, 6.9 AI score, 0.02489 EPSS
Exploits 2, References 1
UbuntuCve
added 2019/03/20 12:0 a.m., 22 views

CVE-2019-9809

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This...

7.5 CVSS, 7.1 AI score, 0.01641 EPSS
Exploits 1, References 4
Tenable Nessus
added 2019/03/20 12:0 a.m., 57 views

FreeBSD : mozilla -- multiple vulnerabilities (05da6b56-3e66-4306-9ea3-89fafe939726)

Mozilla Foundation reports: CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script CVE-2019-9793: Improper...

9.8 CVSS, 7.5 AI score, 0.19762 EPSS
Exploits 13, References 24
Kitploit
added 2016/04/11 10:30 p.m., 15 views

v0lt - Security CTF Toy Tools

v0lt is an attempt to regroup every tool I used/use/will use in security CTF, Python style. A lot of exercises were solved using bash scripts but Python may be more flexible, that's why. Nothing to do with Gallopsled. It's a toy toolkit, with small but specific utils only. Requirements and...

7.5 AI score
Exploits 0, References 2
Packet Storm
added 2016/04/07 12:0 a.m., 22 views

SIDU 5.3 Cross Site Scripting

Exploit Title: SIDU 5.3 Database Web GUI Multiple XSS Vulnerabilities Date: 04.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://topnew.net/sidu/ Software Link: https://sourceforge.net/projects/sidu/files/sidu/sidu53.zip Version: app version 5.3 XSS details: XSS1 URL...

7.4 AI score
Exploits 0
CNVD
added 2015/08/19 12:0 a.m., 0 views

Apple iOS Warns of Message Denial of Service Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS that allows a remote WEB server to generate a large number of alert messages, resulting in a denial-of-service attack...

4.3 CVSS, 6.6 AI score, 0.01463 EPSS
Exploits 0, References 1
CVE
added 2015/08/16 11:0 p.m., 67 views

CVE-2015-3763

CVE-2015-3763 affects Safari/WebKit on iOS prior to 8.4.1. A crafted webpage can generate numerous JavaScript alert messages, causing a denial of service (apparent browser lock). Apple addressed this in iOS 8.4.1 by throttling alerts. The referenced entry describes a remote, client-side DoS via a...

4.3 CVSS, 5.9 AI score, 0.01463 EPSS
Exploits 0, References 4, Affected Software 1
Packet Storm
added 2006/07/09 12:0 a.m., 23 views

tbe40-XSS.txt

The Banner Engine - tbe4.0 Native Solutions -------------------------- Cross Site Scripting XSS -------------------------- http://target.xx/top.php?action=search&catid=catid&text=%3Cscript%3Ealert%22Ellipsis+Security+Test%22%3C/script%3E...

7.4 AI score
Exploits 0