134 matches found
CVE-2018-6545
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks...
Cross site scripting
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks...
CVE-2018-6545
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks...
CVE-2018-6545
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) flaw (evidence references human.aspx). The vulnerability could allow attackers to deliver malicious messages to other MoveIt users, potentially stealing session cookies and enabling client-side attacks. The available connec...
IPSwitch MOVEit 8.1 9.4 - Cross-Site Scripting
IPSwitch MOVEit 8.1 9.4 - Cross-Site Scripting Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting XSS Date: 1-31-2017 Software Link: https://www.ipswitch.com/moveit Affected Version: 8.1-9.4 only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable Exploit Author:...
IPSwitch MoveIt 9.4 Cross Site Scripting Vulnerability
Exploit for asp platform in category web applications Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting XSS Software Link: https://www.ipswitch.com/moveit Affected Version: 8.1-9.4 only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable Exploit Author: email protecte...
The Good, The Bad and The Ugly of Safari in Client-Side Attacks
I’ve previously published an article about using Safari to compromise a computer file system. Unfortunately, there are more issues with Safari as we are now finding out. In this post, we will take a look at the possibility of a XSS exploit and a cookie compromise stemming from “unusual” Safari...
Why ArtsSEC decided to partner with Wallarm
by Maximiliano Soler, @maxisoler by Maximiliano Soller, CTO of ArtsSEC The greatest thing with partnerships is how well the organisations’ expertise complement each other. Our partnership with Wallarm has incredibly exceeded our expectations in their innovation and expertise in web application...
Stellar.org: HTTP - Basic Authentication on https://www.stellar.org/wp-login.php
Greetings, noticed https://www.stellar.org/wp-login.php using basic authentication. PoC: YWRtaW46YWRtaW4= is base64 encode of admin:admin Impact: Vulnerable to client side attacks. Vulnerable to MITM attack. Vulenrable to Eavesdropping attack. Vulnerable to Brute force attacks. Fix: HTTP-Basic...
Nextcloud: HTTP-Basic Authentication on logs.nextcloud.com
Greetings, While visiting https://logs.nextcloud.com/ , I noticed that this server use HTTP-Basic Authentication. F152730 POC : ------ GET https://logs.nextcloud.com/ HTTP/1.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.11; rv:50.0 Gecko/20100101 Firefox/50.0 Accept:...
Jsprime - A JavaScript Static Security Analysis Tool
Today, more and more developers are switching to JavaScript as their first choice of language. The reason is simple JavaScript has now been started to be accepted as the mainstream programming for applications, be it on the web or on the mobile; be it on client-side, be it on the server side...
Kunai - Pwning & Info Gathering via User Browser
Sometimes there is a need to obtain ip address of specific person or perform client-side attacks via user browser. This is what you need in such situations. Kunai is a simple script which collects many informations about a visitor and saves output to file; furthermore, you may try to perform...
Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of the Cisco Integrated Management Controller of the Cisco Unified Computing System C-Series Rack Servers could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe...
Yahoo! Mail Cross Site Scripting
Document Title: =============== Yahoo! Bug Bounty 30 YM - Application-Side Mail Encoding File Attachment Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1137 Release Date: ============= 2014-07-08 Vulnerability Laboratory ID VL-ID:...
Yahoo! Bug Bounty #30 YM - Persistent Mail Vulnerability
Document Title: =============== Yahoo! Bug Bounty 30 YM - Persistent Mail Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1137 Release Date: ============= 2014-07-08 Vulnerability Laboratory ID VL-ID: ==================================== 11...
SpagoBI 4.0 - Persistent XSS Vulnerability
No description provided by source. 01. Advisory Information Title: Persistent Cross-Site Scripting XSS in SpagoBI Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE...
HeartBleed Bug Explained - 10 Most Frequently Asked Questions
Heartbleed – I think now it’s not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allow...
Adobe - CS Flash Cross Site Vulnerability & Filter Bypass
Document Title: =============== Adobe - CS Flash Cross Site Vulnerability & Filter Bypass References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1022 Release Date: ============= 2013-09-25 Vulnerability Laboratory ID VL-ID: ====================================...
[SpearPhisher] A Simple Phishing Email Generation Tool
SpearPhisher is a simple point and click Windows GUI tool designed for mostly non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending...
Cisco Prime LAN Management Solution Cross-Frame Scripting Vulnerability
A vulnerability in Cisco Prime LAN Management Solution could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...