134 matches found

NVD
added 2018/02/02 9:29 a.m., 16 views

CVE-2018-6545

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks...

CVSS 6.1, AI score 5.8, EPSS 0.01567
Exploits: 1, References: 1

Prion
added 2018/02/02 9:29 a.m., 13 views

Cross site scripting

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks...

CVSS 4.3, AI score 5.8, EPSS 0.01567
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/02/02 9:0 a.m., 18 views

CVE-2018-6545

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks...

AI score 5.8, EPSS 0.01567
Exploits: 1, References: 1

CVE
added 2018/02/02 9:0 a.m., 49 views

CVE-2018-6545

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) flaw (evidence references human.aspx). The vulnerability could allow attackers to deliver malicious messages to other MoveIt users, potentially stealing session cookies and enabling client-side attacks. The available connec...

CVSS 6.1, AI score 5.8, EPSS 0.01567
Exploits: 1, References: 1, Affected Software: 1

exploitpack
added 2018/02/02 12:0 a.m., 16 views

IPSwitch MOVEit 8.1 9.4 - Cross-Site Scripting

IPSwitch MOVEit 8.1 9.4 - Cross-Site Scripting Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting XSS Date: 1-31-2017 Software Link: https://www.ipswitch.com/moveit Affected Version: 8.1-9.4 only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable Exploit Author:...

AI score 6.8
Exploits: 0

0day.today
added 2018/02/01 12:0 a.m., 38 views

IPSwitch MoveIt 9.4 Cross Site Scripting Vulnerability

Exploit for asp platform in category web applications Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting XSS Software Link: https://www.ipswitch.com/moveit Affected Version: 8.1-9.4 only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable Exploit Author: email protecte...

AI score 7.1
Exploits: 0

Wallarm Lab
added 2017/12/14 5:34 p.m., 42 views

The Good, The Bad and The Ugly of Safari in Client-Side Attacks

I’ve previously published an article about using Safari to compromise a computer file system. Unfortunately, there are more issues with Safari as we are now finding out. In this post, we will take a look at the possibility of a XSS exploit and a cookie compromise stemming from “unusual” Safari...

AI score 6.8
Exploits: 0

Wallarm Lab
added 2017/09/27 5:24 p.m., 12 views

Why ArtsSEC decided to partner with Wallarm

by Maximiliano Soler, @maxisoler by Maximiliano Soller, CTO of ArtsSEC The greatest thing with partnerships is how well the organisations’ expertise complement each other. Our partnership with Wallarm has incredibly exceeded our expectations in their innovation and expertise in web application...

AI score 6.8
Exploits: 0

Hacker One
added 2017/06/13 6:25 a.m., 70 views

Stellar.org: HTTP - Basic Authentication on https://www.stellar.org/wp-login.php

Greetings, noticed https://www.stellar.org/wp-login.php using basic authentication. PoC: YWRtaW46YWRtaW4= is base64 encode of admin:admin Impact: Vulnerable to client side attacks. Vulnerable to MITM attack. Vulnerable to Eavesdropping attack. Vulnerable to Brute force attacks. Fix: HTTP-Basic...

AI score 0.9
Exploits: 0

Hacker One
added 2017/01/16 5:58 a.m., 102 views

Nextcloud: HTTP-Basic Authentication on logs.nextcloud.com

Greetings, While visiting https://logs.nextcloud.com/ , I noticed that this server use HTTP-Basic Authentication. F152730 POC : ------ GET https://logs.nextcloud.com/ HTTP/1.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.11; rv:50.0 Gecko/20100101 Firefox/50.0 Accept:...

AI score 0.4
Exploits: 0

Kitploit
added 2016/03/23 10:30 p.m., 25 views

Jsprime - A JavaScript Static Security Analysis Tool

Today, more and more developers are switching to JavaScript as their first choice of language. The reason is simple JavaScript has now been started to be accepted as the mainstream programming for applications, be it on the web or on the mobile; be it on client-side, be it on the server side...

AI score 6.9
Exploits: 0, References: 1

Kitploit
added 2015/05/08 2:13 p.m., 31 views

Kunai - Pwning & Info Gathering via User Browser

Sometimes there is a need to obtain ip address of specific person or perform client-side attacks via user browser. This is what you need in such situations. Kunai is a simple script which collects many informations about a visitor and saves output to file; furthermore, you may try to perform...

AI score 6.6
Exploits: 0, References: 1

Cisco
added 2015/02/03 8:33 p.m., 35 views

Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Integrated Management Controller of the Cisco Unified Computing System C-Series Rack Servers could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe...

CVSS 4.3, AI score 6.5, EPSS 0.01476
Exploits: 0, References: 1

Packet Storm
added 2014/07/11 12:0 a.m., 36 views

Yahoo! Mail Cross Site Scripting

Document Title: =============== Yahoo! Bug Bounty 30 YM - Application-Side Mail Encoding File Attachment Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1137 Release Date: ============= 2014-07-08 Vulnerability Laboratory ID VL-ID:...

Exploits: 0

Vulnerability Lab
added 2014/07/08 12:0 a.m., 41 views

Yahoo! Bug Bounty #30 YM - Persistent Mail Vulnerability

Document Title: =============== Yahoo! Bug Bounty 30 YM - Persistent Mail Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1137 Release Date: ============= 2014-07-08 Vulnerability Laboratory ID VL-ID: ==================================== 11...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 58 views

SpagoBI 4.0 - Persistent XSS Vulnerability

No description provided by source. 01. Advisory Information Title: Persistent Cross-Site Scripting XSS in SpagoBI Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE...

CVSS 3.5, AI score 6.5, EPSS 0.03655
Exploits: 7

The Hacker News
added 2014/04/14 8:40 p.m., 197 views

HeartBleed Bug Explained - 10 Most Frequently Asked Questions

Heartbleed – I think now it’s not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allow...

CVSS 5, AI score 7.7, EPSS 0.99999
Exploits: 87

Vulnerability Lab
added 2013/09/25 12:0 a.m., 50 views

Adobe - CS Flash Cross Site Vulnerability & Filter Bypass

Document Title: =============== Adobe - CS Flash Cross Site Vulnerability & Filter Bypass References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1022 Release Date: ============= 2013-09-25 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.1
Exploits: 0

Kitploit
added 2013/09/13 2:23 p.m., 24 views

[SpearPhisher] A Simple Phishing Email Generation Tool

SpearPhisher is a simple point and click Windows GUI tool designed for mostly non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending...

AI score 6.4
Exploits: 0

Cisco
added 2013/09/12 9:16 p.m., 15 views

Cisco Prime LAN Management Solution Cross-Frame Scripting Vulnerability

A vulnerability in Cisco Prime LAN Management Solution could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...

CVSS 4.3, AI score 0.7, EPSS 0.01169
Exploits: 0, References: 1