134 matches found

NVD
added 2020/07/16 6:15 p.m. | 28 views

CVE-2020-3345

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...

CVSS 4.3 | EPSS 0.01212
Exploits: 0 | References: 1
Prion
added 2020/07/16 6:15 p.m. | 15 views

Design/Logic Flaw

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...

CVSS 4.3 | AI score 4.6 | EPSS 0.01212
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2020/07/16 5:21 p.m. | 22 views

CVE-2020-3345 Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...

CVSS 4.3 | AI score 4.6 | EPSS 0.01212
Exploits: 0 | References: 1
Hacker One
added 2020/07/16 4:12 p.m. | 58 views

OWOX, Inc.: Unrestricted File Upload in Chat Window

Summary: The application allows the attacker to upload dangerous file types that can be automatically processed within the product's environment. Steps To Reproduce: - Hit the browser and navigate to https://bi.owox.com and sign in. - Open The Chat window. - Upload any .rb or .php file . - Click ...

AI score 6.5
Exploits: 0
Imperva Blog
added 2020/07/01 9:35 a.m. | 27 views

Imperva Prevents Client-Side Attacks like Formjacking and Magecart

The Blindspot of Web Security is Client-side Code One of the troubling blindspots for security teams is third party JavaScript services embedded on a website. The popularity of JavaScript services used by developers and marketing teams means this blindspot is hiding an expanding attack service. I...

AI score 0.4
Exploits: 0
Hacker One
added 2020/03/22 8:54 a.m. | 194 views

Qulture.Rocks: Unrestricted File Upload in Chat Window

Summary: The application allows the attacker to upload dangerous file types that can be automatically processed within the product's environment. Steps To Reproduce: 1. Hit the browser with below URL. https://qa.qulture.rocks/en/users/signin 2. Open The Cat window. 3. Upload any exe file . 4. Cli...

AI score 6.4
Exploits: 0
Akamai Blog
added 2019/09/19 8:0 p.m. | 65 views

Client Side Threats & How Could Website Owners Mitigate Them?

Have you ever browsed a website with complete confidence that your data is protected? We tend to trust websites with some of our most valuable assets, such as personal information or credit card data. While owners of these websites might consider the protection of our data a top priority, we stil...

AI score 7.2
Exploits: 0
0day.today
added 2018/12/12 12:0 a.m. | 77 views

TP-Link wireless router Archer C1200 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications + Unauthenticated + Author: Usman Saeed usman at xc0re.net + Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU · Impact: Client side attacks are very common and are the source of maximum number of user compromises. Wi...

Exploits: 0
exploitpack
added 2018/12/11 12:0 a.m. | 22 views

TP-Link wireless router Archer C1200 - Cross-Site Scripting

TP-Link wireless router Archer C1200 - Cross-Site Scripting + Unauthenticated + Author: Usman Saeed usman at xc0re.net + Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU · Impact: Client side attacks are very common and are the source of maximum number of user compromises...

AI score 6.8
Exploits: 0
Malwarebytes
added 2018/09/20 5:42 p.m. | 463 views

Mass WordPress compromises redirect to tech support scams

Content Management Systems CMSes such as WordPress, Drupal, or Joomla are under a constant barrage of fire. Earlier this year, we detailed several waves of attacks against Drupal, also known as Drupalgeddon, pushing browser-based miners and various social engineering threats. During the past few...

AI score 7.3
Exploits: 0
Hacker One
added 2018/09/06 7:11 p.m. | 88 views

HackerOne: Self DOM-Based XSS in www.hackerone.com

Summary: There is a 'self' DOM-based cross-site scripting vulnerability in the contact form available on the www.hackerone.com website. This could allow an attacker to perform cross-site scripting, or other client-side attacks, against users of the application. However, the risk presented by this...

AI score 5.7
Exploits: 0
NVD
added 2018/06/26 4:29 p.m. | 12 views

CVE-2018-1000556

WordPress version 4.8 + contains a Cross Site Scripting XSS vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacke...

CVSS 6.1 | AI score 6.2 | EPSS 0.00707
Exploits: 1 | References: 1
UbuntuCve
added 2018/06/26 4:29 p.m. | 16 views

CVE-2018-1000556

WordPress version 4.8 + contains a Cross Site Scripting XSS vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacke...

CVSS 6.1 | AI score 6.4 | EPSS 0.00707
Exploits: 1 | References: 2
Prion
added 2018/06/26 4:29 p.m. | 15 views

Cross site scripting

WordPress version 4.8 + contains a Cross Site Scripting XSS vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacke...

CVSS 4.3 | AI score 6.2 | EPSS 0.00707
Exploits: 1 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2018/06/16 7:47 p.m. | 26 views

Security Bulletin: IBM Sterling B2B Integrator is affected by Click jacking vulnerability (CVE-2015-4992)

Summary A Click jacking also known as a "UI redress attack" vulnerability has been discovered in IBM Sterling B2B Integrator. Vulnerability Details CVEID: CVE-2015-4992 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to hijack the clicking action of the...

CVSS 3.5 | AI score 1.6 | EPSS 0.00787
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/16 1:43 p.m. | 20 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984)

Summary IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Vulnerability Details CVEID: CVE-2016-5984 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe...

CVSS 6.1 | AI score 0.9 | EPSS 0.0085
Exploits: 0 | Affected Software: 1
Kitploit
added 2018/06/05 10:33 p.m. | 17 views

DejaVU - Open Source Deception Framework

Deception techniques if deployed well can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at very early stage of cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...

AI score 7.4
Exploits: 0 | References: 1
n0where
added 2018/05/24 8:12 p.m. | 35 views

Open Source Deception Framework: DejaVU

Deception techniques if deployed well can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at very early stage of cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...

AI score 0.1
Exploits: 0 | References: 1
Prion
added 2018/05/17 3:29 a.m. | 11 views

Design/Logic Flaw

A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...

CVSS 4.3 | AI score 6.1 | EPSS 0.01796
Exploits: 0 | References: 3 | Affected Software: 1
Penetration Testing Lab
added 2018/05/09 7:30 a.m. | 14 views

PDF – NTLM Hashes

Client side attacks are heavily used in red team engagements as they can allow the red team to execute arbitrary code or retrieve password hashes. Usually Microsoft office products are used to perform these kind of attacks however PDF documents can be also utilized for obtaining NTLM hashes of...

AI score 3.3
Exploits: 0