
83 matches found

CNNVD
added 2022/07/29 12:0 a.m. | 3 views

GitLab CE/EE Cross-Site Scripting Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in all versions of GitLab CE/EE prior to 15.0.5...

CVSS 5.4 | AI score 6 | EPSS 0.00595
Exploits: 0 | References: 5

NVD
added 2022/06/27 8:15 p.m. | 18 views

CVE-2022-31065

BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...

CVSS 6.5 | EPSS 0.00616
Exploits: 0 | References: 3

CNVD
added 2022/03/17 12:0 a.m. | 22 views

Microweber Cross-Site Scripting Vulnerability (CNVD-2022-20515)

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in versions of Microweber prior to 1.2.11. The vulnerability stems from a lack...

CVSS 6.8 | AI score 3.1 | EPSS 0.03197
Exploits: 1 | References: 1

Source Incite
added 2022/02/25 12:0 a.m. | 92 views

SRC-2022-0012 : VMware Workspace ONE Access BrandingResource getBranding Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose the hostname on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within BrandingResource class. The issue results from the...

CVSS 5.3 | AI score 7.3 | EPSS 0.0079
Exploits: 1

Packet Storm
added 2022/01/05 12:0 a.m. | 244 views

cWifi Hotspot Wireless CP Code Execution

Document Title: cWifi Hotspot Wireless CP - Code Execution Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2310 | Release Date: 2021-12-15 | Vulnerability Laboratory ID (VL-ID): ...

AI score 7.4
Exploits: 0

CNVD
added 2021/12/19 12:0 a.m. | 19 views

Delta Electronics DIAEnergie HandlerEnergyType Parameter Name Cross-Site Scripting Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...

CVSS 7.5 | AI score 1.5 | EPSS 0.09492
Exploits: 0 | References: 1

CVE
added 2021/12/03 5:0 p.m. | 48 views

CVE-2021-29719

CVE-2021-29719 affects IBM Cognos Analytics 11.1.7 and 11.2.0, stemming from a web response that specifies an incorrect content type. This could enable client‑side exploits. IBM’s advisories note official fixes in IBM Cognos Analytics 11.2.1 and 11.1.7 Fix Pack 4 (FP4); upgrade to 11.2.1 or apply...

CVSS 5.3 | AI score 5.4 | EPSS 0.01204
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2021/07/08 12:0 a.m. | 65 views

F5 Networks BIG-IP : Apache HTTPD vulnerability (K25126370)

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2019-10098 Impact An attacker can abuse this vulnerability in a phishing...

CVSS 6.1 | AI score 6.3 | EPSS 0.73981
Exploits: 1 | References: 2

Tenable Nessus
added 2021/07/08 12:0 a.m. | 187 views

F5 Networks BIG-IP : Apache HTTPD vulnerability (K23153696)

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2020-1927 Impact An attacker can abuse this vulnerability in a phishin...

CVSS 6.1 | AI score 6.7 | EPSS 0.61183
Exploits: 0 | References: 2

Exploit DB
added 2020/12/16 12:0 a.m. | 191 views

Seotoaster 3.2.0 - Stored XSS on Edit page properties

Exploit Title: Seotoaster 3.2.0 - Stored XSS on Edit page properties Exploit Author: Hardik Solanki Vendor Homepage: https://www.seotoaster.com/ Software Link: https://crm-marketing-automation-platforms.seotoaster.com/ Version: 3.2.0 Tested on Windows 10 XSS ATTACK: Cross-site Scripting XSS is a...

AI score 7.4
Exploits: 0

Cvelist
added 2020/11/25 2:47 a.m. | 19 views

CVE-2020-29072

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...

AI score 6.1 | EPSS 0.007
Exploits: 1 | References: 2

CVE
added 2020/11/25 2:47 a.m. | 74 views

CVE-2020-29072

LiquidFiles versions prior to 3.3.19 have a Cross-Site Script Inclusion vulnerability in client-side code. Exploitation requires user interaction (opening a link) and could lead to leakage of encrypted e-mail content via messages/sent?format=js and popup?format=js. Affected product: LiquidFiles p...

CVSS 6.1 | AI score 6 | EPSS 0.007
Exploits: 1 | References: 2 | Affected Software: 1

RedHat Linux
added 2020/11/04 1:44 a.m. | 1 views

httpd: mod_rewrite potential open redirect

A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers...

CVSS 6.1 | AI score 7.1 | EPSS 0.73981
Exploits: 1 | References: 5

Prion
added 2020/06/22 4:15 p.m. | 21 views

Code injection

Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system...

CVSS 6.8 | AI score 8.8 | EPSS 0.01201
Exploits: 0 | References: 2 | Affected Software: 1

RedHat Linux
added 2020/04/06 7:28 p.m. | 2 views

httpd: mod_rewrite potential open redirect

A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers...

CVSS 6.1 | AI score 7.1 | EPSS 0.73981
Exploits: 1 | References: 5

0day.today
added 2019/12/09 12:0 a.m. | 566 views

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Exploit

// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13...

CVSS 10 | AI score 0.3 | EPSS 0.55874
Exploits: 15

exploitpack
added 2019/12/07 12:0 a.m. | 206 views

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack

Mozilla FireFox Windows 10 x64 - Full Chain Client Side Attack // Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 8572494...

CVSS 10 | AI score 0.4 | EPSS 0.55874
Exploits: 15

ATTACKERKB
added 2019/10/10 12:0 a.m. | 172 views

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary co...

CVSS 8.8 | AI score 1.5 | EPSS 0.74438
In wild | Exploits: 14 | References: 6

RedhatCVE
added 2019/08/21 5:22 a.m. | 62 views

CVE-2019-10098

A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers...

CVSS 6.1 | AI score 0.9 | EPSS 0.73981
Exploits: 1 | References: 4

IBM Security Bulletins
added 2018/06/17 4:42 a.m. | 34 views

Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Change (CVE-2013-0422)

Summary Potential security vulnerability issues may occur if you are using the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422 when using IBM Rational Change product. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts...

CVSS 10 | AI score 0.5 | EPSS 0.97612
Exploits: 38 | Affected Software: 1