43 matches found
SUSE hackweek Cross-Site Scripting Vulnerability
SUSE hackweek is a tool from SUSE Germany that nurtures hack ideas into projects and then collaborates on them. A cross-site scripting vulnerability exists in SUSE hackweek that stems from a lack of input sanitization and allows any user to launch a stored cross-site scripting attack...
Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow
Summary: IBM Business Automation Workflow packages a vulnerable version of the eclipse jetty library. Vulnerability Details: CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creati...
Listplace Directory Listing Platform 3.0 Cross Site Scripting
Exploit Title: Listplace Directory Listing Platform 3.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22 Tested on: Windows 10 Pro Impact...
Ekushey Project Manager CRM 5.0 Cross Site Scripting
Exploit Title: Ekushey Project Manager CRM 5.0 - Stored XSS Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/ekushey/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Allow Attacker...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22898)
Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22898 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEWENV variables. By sending a specially-crafted...
Dell Technologies Dell PowerScale OneFS Security Vulnerability
Dell PowerScale OneFS is an operating system that provides scale-out NAS. Dell PowerScale OneFS has a security vulnerability that could be exploited by an attacker to gain access to sensitive information and use it to launch further attacks on the affected system...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services: Clickjacking (CVE-2016-3060)
Summary IBM Financial Transaction Manager for Corporate Payment Services could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...
IBM InfoSphere DataStage Information Disclosure Vulnerability
IBM InfoSphere DataStage is a set of IBM ETL (Extract, Transform, and Load) tools that provide data integration solutions in a graphical interface, and is part of the IBM suite of information platform solutions and IBM InfoSphere. An information disclosure vulnerability exists in IBM InfoSphere...
WordPress Plugin WP to Twitter - Authentication Bypass
WordPress Plugin WP to Twitter - Authentication Bypass source: https://www.securityfocus.com/bid/69741/info WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized...
gnu wget 1.x Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11871/info Multiple remote vulnerabilities reportedly affect GNU wget. These issues are due to the application's failure to properly sanitize user-supplied input and to properly validate the presence of files before writi...
Online Contact Manager 3.0 email.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34626/info Online Contact Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script...
AL-Caricatier 2.5 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17289/info AL-Caricatier is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
Chris LaPointe Download Center 1.2 - browse Action category Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28219/info Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in...
Dragonfly CMS 9.0.6.1 Stories_Archive Module Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
Cerberus Helpdesk 2.x Spellwin.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21423/info Cerberus Helpdesk is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execu...
Perception LiteServe 2.0 CGI Source Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further...
MilliScripts 'dir.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27078/info MilliScripts is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Red Hat Directory Server 7.1 - Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23709/info Red Hat Directory Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal...
Cm3 CMS - 'search.asp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55395/info Cm3 CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/54757/info Distimo Monitor is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...