43 matches found
SUSE hackweek Cross-Site Scripting Vulnerability
SUSE hackweek is a tool from SUSE Germany that nurtures hack ideas into projects and then supports collaboration on them. A cross-site scripting vulnerability exists in SUSE hackweek that stems from a lack of input sanitization and allows any user to launch a stored cross-site scripting attack...
Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow packages a vulnerable version of the eclipse jetty library. Vulnerability Details CVEID:CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creati...
Listplace Directory Listing Platform 3.0 Cross Site Scripting
Exploit Title: Listplace Directory Listing Platform 3.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22 Tested on: Windows 10 Pro Impact...
Ekushey Project Manager CRM 5.0 Cross Site Scripting
Exploit Title: Ekushey Project Manager CRM 5.0 - Stored XSS Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/ekushey/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Allow Attacker...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22898)
Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22898 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEWENV variables. By sending a specially-crafted...
Dell Technologies Dell PowerScale OneFS Security Vulnerability
Dell PowerScale OneFS is an operating system from Dell that provides scale-out NAS. Dell PowerScale OneFS has a security vulnerability that could be exploited by an attacker to gain access to sensitive information and use it to launch further attacks on the affected system...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services: Clickjacking (CVE-2016-3060)
Summary IBM Financial Transaction Manager for Corporate Payment Services could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...
IBM InfoSphere DataStage Information Disclosure Vulnerability
IBM InfoSphere DataStage is a set of IBM's ETL (Extract, Transform, and Load) tools that provides data integration solutions in a graphical interface, and is part of the IBM suite of information platform solutions and IBM InfoSphere. An information disclosure vulnerability exists in IBM InfoSphere...
WordPress Plugin WP to Twitter - Authentication Bypass
WordPress Plugin WP to Twitter - Authentication Bypass source: https://www.securityfocus.com/bid/69741/info WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized...
Red Hat Directory Server 7.1 - Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23709/info Red Hat Directory Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal...
Cerberus Helpdesk 2.x Spellwin.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21423/info Cerberus Helpdesk is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execu...
MilliScripts 'dir.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27078/info MilliScripts is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Chris LaPointe Download Center 1.2 - browse Action category Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28219/info Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in...
Perception LiteServe 2.0 CGI Source Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further...
gnu wget 1.x Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11871/info Multiple remote vulnerabilities reportedly affect GNU wget. These issues are due to the application's failure to properly sanitize user-supplied input and to properly validate the presence of files before writi...
Online Contact Manager 3.0 email.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34626/info Online Contact Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script...
AL-Caricatier 2.5 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17289/info AL-Caricatier is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
Dragonfly CMS 9.0.6 .1 Stories_Archive Module Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
Cm3 CMS - 'search.asp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55395/info Cm3 CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/54757/info Distimo Monitor is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...