
308 matches found

RedHat Linux
added 2016/06/21 10:40 p.m., 25 views

Important: Red Hat Security Advisory: python-django-horizon security update

An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 5.4, AI score 6.3, EPSS 0.00553
Exploits: 0, References: 2

RedHat Linux
added 2016/06/21 10:39 p.m., 2 views

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, for example using an image's description,...

CVSS 5.4, AI score 5.6, EPSS 0.00553
Exploits: 0, References: 4

RedHat Linux
added 2016/06/21 10:24 p.m., 32 views

Important: Red Hat Security Advisory: python-django-horizon security update

An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 5.4, AI score 6.3, EPSS 0.00553
Exploits: 0, References: 2

RedHat Linux
added 2016/06/21 10:24 p.m., 4 views

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, for example using an image's description,...

CVSS 5.4, AI score 5.6, EPSS 0.00553
Exploits: 0, References: 4

RedHat Linux
added 2016/06/21 10:23 p.m., 27 views

Important: Red Hat Security Advisory: python-django-horizon security update

An update for python-django-horizon is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 5.4, AI score 6.3, EPSS 0.00553
Exploits: 0, References: 2

RedHat Linux
added 2016/06/21 10:23 p.m., 28 views

Important: Red Hat Security Advisory: python-django-horizon security and bug fix update

An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 5.4, AI score 6.3, EPSS 0.00553
Exploits: 0, References: 4

RedHat Linux
added 2016/06/21 10:23 p.m., 2 views

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, for example using an image's description,...

CVSS 5.4, AI score 5.6, EPSS 0.00553
Exploits: 0, References: 4

RedhatCVE
added 2016/06/17 10:48 p.m., 21 views

CVE-2016-4428

A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, for example using an image's description, triggering...

CVSS 5.4, AI score 1, EPSS 0.00553
Exploits: 0, References: 1

Hacker One
added 2016/05/27 4:1 p.m., 111 views

drchrono: Stored XSS via AngularJS Injection

Hi All, I've found a stored XSS vulnerability via an Angular Template Injection in the messages referral address field. Description After visiting https://1337test.drchrono.com/messages/referrals/contacts/, you can enter new contact information. In the field for the address, if enter 55, when the...

AI score 0.2
Exploits: 0

Snyk
added 2016/05/26 9:0 p.m., 1 views

Arbitrary Script Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Script Injection. Attributes were not protected via $sce, which prevents interpolated values that fail the RESOURCE_URL context tests from being used in interpolation. For example if the application is running at...

CVSS 4.8, AI score 7.1
Exploits: 0, References: 2

Hacker One
added 2016/05/26 5:4 p.m., 33 views

drchrono: Angular injection in the profile name of onpatient

Hi All, You have an angular injection vulnerability in the profile name fields on the onpatient site. If you add a value 55 in the first name or last name field, the expression will be evaluated and when the page is rendered, the first and last name will be 25. Here I'm entering the values F96238...

AI score 6.8
Exploits: 0

Snyk
added 2016/01/21 10:0 p.m., 3 views

Cross-site Scripting (XSS)

Overview: angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the usemap attribute not being blacklisted. Remediation: Upgrade angularjs to version 1.5.0 or higher. References: GitHub ChangeLog, GitHub Commit, GitHub PR. Credit: Lucas Mirelmann...

CVSS 4.3, AI score 6.6
Exploits: 0, References: 2

Snyk
added 2015/09/08 9:0 p.m., 2 views

Cross-site Scripting (XSS)

Overview: angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This error occurs when $sanitize sanitizer tries to check the input for possible mXSS payload and the verification errors due to the input mutating indefinitely. This could be a sign that the...

CVSS 7.1, AI score 6.6
Exploits: 0, References: 2

Snyk
added 2015/08/06 9:0 p.m., 2 views

Clickjacking

Overview: Affected versions of this package are vulnerable to Clickjacking. By enabling the SVG setting without taking other precautions, you might expose your application to click-hijacking attacks. In these attacks, sanitized SVG elements could be positioned outside of the containing element and...

CVSS 6.8, AI score 6.9
Exploits: 0, References: 2

n0where
added 2015/07/14 5:41 p.m., 44 views

Python Network Recon Framework: ivre

IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including two modules for passive recon (one p0f-based and one Bro-based) and one module for active recon (mostly Nmap-based, with a bit of ZMap). External programs /...

AI score 0.1
Exploits: 0, References: 2

Snyk
added 2015/03/09 10:0 p.m., 2 views

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution via unsafe svg animation tags. Details Exploit Example: html Here the anchor's href is animated, starting from a value that's a javascript URI. This allows execution of arbitrary javascript in the process...

CVSS 7.4, AI score 7.5
Exploits: 0, References: 2

n0where
added 2015/02/03 10:50 p.m., 185 views

GRR Rapid Response

GRR Rapid Response is an incident response framework focused on remote live forensics. GRR consists of an agent client that can be deployed to a target system, and server infrastructure that can manage and talk to the agent. Client Features: Cross-platform support for Linux, OS X and Windows...

AI score 7.3
Exploits: 0, References: 4

Snyk
added 2014/11/03 10:0 p.m., 2 views

Arbitrary Command Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Command Execution due to the assignment functions accessing constructor functions, allowing attackers to execute their malicious code. Remediation: Upgrade angularjs to version 1.3.2 or higher. References - GitHub ChangeLog -...

CVSS 6.5, AI score 7.4
Exploits: 0, References: 2

Snyk
added 2014/09/08 9:0 p.m., 2 views

Unsafe Object Deserialization

Overview Affected versions of this package are vulnerable to Unsafe Object Deserialization. POC The exploitable code: js hasOwnProperty.constructor.prototype.valueOf = valueOf.call; "a", "alert1".sorthasOwnProperty.constructor; The exploit: - 1. Array.sort takes a comparison function and passes i...

CVSS 7.4, AI score 6.9
Exploits: 0, References: 2

Hacker One
added 2014/09/07 7:50 p.m., 20 views

Square: Reflected XSS in connect.square.com

Hi! The page at https://connect.squareup.com/sessions/new doesn't properly sanitize the "email" parameter and/or the input field for email. Since the site is built with AngularJS and the email field is a binded field child of ng-app, we can inject an AngularJS template. Normally, you aren't...

AI score 7.4
Exploits: 0