4048 matches found

Vulnrichment
added 2023/07/06 11:09 p.m., 10 views

CVE-2023-35120 PiiGAB M-Bus Cross-Site Request Forgery

PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then...

CVSS 8.8, AI score 6.8, EPSS 0.00238
Exploits: 0, References: 1
RedhatCVE
added 2023/07/04 5:17 a.m., 12 views

CVE-2023-35146

A flaw was found in the Jenkins Template Workflows Plugin, where it is vulnerable to cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim's W...

CVSS 8, AI score 6.4, EPSS 0.00752
Exploits: 0, References: 3
ATTACKERKB
added 2023/06/06 2:15 a.m., 1 views

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated...

CVSS 8.8, AI score 7.2, EPSS 0.01357
Exploits: 1, References: 5
IBM Security Bulletins
added 2023/06/05 1:43 p.m., 91 views

Security Bulletin: There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management (CVE-2022-28367, CVE-2022-29577)

Summary: There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management. Vulnerability Details: CVEID: CVE-2022-28367 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input for Cascading Style Sheets (CSS) content. A remote...

CVSS 6.1, AI score 6.6, EPSS 0.01239
Exploits: 0, Affected Software: 11
CNVD
added 2023/05/06 12:00 a.m., 21 views

NETGEAR SRX5308 Cross-Site Scripting Vulnerability (CNVD-2023-42977)

The NETGEAR SRX5308 is a VPN firewall appliance from NETGEAR. The NETGEAR SRX5308 suffers from a cross-site scripting vulnerability that stems from an incorrect manipulation of the parameter BandWidthProfile.ProfileName. An attacker could use this vulnerability to steal the victim's cookie-based...

CVSS 4.8, AI score 6.2, EPSS 0.00605
Exploits: 1, References: 1
IBM Security Bulletins
added 2023/04/04 4:40 p.m., 50 views

Security Bulletin: There are several vulnerabilities in Bootstrap used by IBM Maximo Asset Management

Summary: There are several vulnerabilities in Bootstrap used by IBM Maximo Asset Management. Vulnerability Details: CVEID: CVE-2018-14040 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the collapse data-parent attribute. A remote...

CVSS 6.1, AI score 6.6, EPSS 0.1686
Exploits: 5, Affected Software: 11
0day.today
added 2023/03/27 12:00 a.m., 240 views

Raspberry Pi Camera Server 1.0 Authentication Bypass Vulnerability

Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass
Exploit Author: Elias Hohl
Vendor Homepage: https://github.com/patrickfuller
Software Link: https://github.com/patrickfuller/camp
Version: bf6af5c2e5cf713e4050c11c52dd4c55e89880b1
Tested on: Ubuntu 20.04
CVE: ...

CVSS 9.8, AI score 9.4, EPSS 0.49201
Exploits: 3
Exploit DB
added 2023/03/25 12:00 a.m., 184 views

"camp" Raspberry Pi camera server 1.0 - Authentication Bypass

Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass
Date: 2022-07-25
Exploit Author: Elias Hohl
Vendor Homepage: https://github.com/patrickfuller
Software Link: https://github.com/patrickfuller/camp
Version: bf6af5c2e5cf713e4050c11c52dd4c55e89880b1
Tested on: Ubuntu 20.04...

CVSS 9.8, AI score 9.7, EPSS 0.49201
Exploits: 3
IBM Security Bulletins
added 2023/03/24 9:07 p.m., 78 views

Security Bulletin: There are several vulnerabilities in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-28367, CVE-2022-29577)

Summary: There are several vulnerabilities in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2022-28367 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input for Cascading...

CVSS 6.1, AI score 6.6, EPSS 0.01239
Exploits: 0, Affected Software: 1
OSV
added 2023/03/21 4:15 p.m., 3 views

CVE-2023-27570

The eotags package before 1.4.19 for PrestaShop allows SQL injection via a crafted ga cookie...

CVSS 9.8, AI score 5.8, EPSS 0.0062
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 6:09 a.m., 3 views

SUSE CVE-2008-1149

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...

CVSS 5.1, AI score 8, EPSS 0.00912
Exploits: 0, References: 6
0day.today
added 2023/01/19 12:00 a.m., 292 views

Ivanti Cloud Services Appliance (CSA) Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA) for Ivanti Endpoint Manager. A cookie-based code injection vulnerability in the Cloud Services Appliance before 4.6.0-512 allows an unauthenticated user to execute arbitrary code with...

CVSS 9.8, AI score 0.9, EPSS 0.99105
Exploits: 9
Packet Storm
added 2023/01/18 12:00 a.m., 390 views

Ivanti Cloud Services Appliance (CSA) Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Cloud Services Appliance CSA Command Injection', 'Description' => %q This module exploits a command injection vulnerability in the Ivanti...

CVSS 9.8, AI score 0.7, EPSS 0.99105
Exploits: 9
CNNVD
added 2023/01/17 12:00 a.m., 3 views

Bricco Authenticator Plugin SQL Injection Vulnerability

Bricco Authenticator Plugin is an open source Escenic plugin from Bricco that provides cookie-based authentication for publishing. Bricco Authenticator Plugin suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to cause SQL injection...

CVSS 9.8, AI score 6.8, EPSS 0.00681
Exploits: 0, References: 5
IBM Security Bulletins
added 2023/01/12 9:59 p.m., 34 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in Apache Tomcat (CVE-2022-34305)

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in Apache Tomcat, which risks exposure of cookie-based authentication credentials. CVE-2022-34305. Apache Tomcat is used as a component in some of our TTS speech service images. Please re...

CVSS 6.1, AI score 6, EPSS 0.06156
Exploits: 0, Affected Software: 1
CNNVD
added 2022/11/10 12:00 a.m., 2 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image zoom. A security vulnerability exists in PrestaShop versions prior to 2.1.3, which stems from the EU Cookie Law GDPR Banner +...

CVSS 9.1, AI score 8.4, EPSS 0.02298
Exploits: 1, References: 5
CNVD
added 2022/10/31 12:00 a.m., 12 views

Password Storage Application Cross-Site Scripting Vulnerability

Password Storage Application is a password storage application. A cross-site scripting vulnerability exists in the Carlo Montero Password Storage Application, which stems from a lack of effective filtering and escaping of user-supplied data on the settings page, and can be exploited by an attacke...

CVSS 5.4, AI score 6.4, EPSS 0.00591
Exploits: 1, References: 1
Huntr
added 2022/10/04 1:47 p.m., 18 views

Password Reset Poisoning

Description: Elgg uses the HTTP Host header in a password reset request to generate the password reset link that is sent to the user in an email without any filters or checks. This allows an attacker to craft a password reset request using a manipulated host header, resulting in reset-token leakag...

AI score 7.2
Exploits: 0, References: 1
Prion
added 2022/09/29 3:15 a.m., 11 views

Cross site scripting

IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPPTEMPLATEFLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security...

CVSS 5.8, AI score 7.1, EPSS 0.00931
Exploits: 0, References: 2, Affected Software: 1
IBM Security Bulletins
added 2022/09/22 3:02 a.m., 20 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0399)

Summary: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the...

CVSS 5.4, AI score 5.5, EPSS 0.00622
Exploits: 0, Affected Software: 14