Lucene search
K

141 matches found

CNNVD
CNNVD
added 2021/10/14 12:0 a.m.3 views

Juniper Networks CtpView输入验证错误漏洞

Juniper Networks CtpView is a network management system from Juniper Networks, Inc. It is used to enable managers to deploy circuits while monitoring the network. An input validation error vulnerability exists in the CTPView server that stems from the product's failure to implement HSTS detection...

7.4CVSS7.3AI score0.00488EPSS
Exploits0References3
NVD
NVD
added 2021/08/10 3:15 p.m.11 views

CVE-2021-22676

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting XSS, which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...

6.1CVSS0.00642EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/06 12:0 a.m.20 views

Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability (CNVD-2021-59236)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech WebAccess/SCADA, which originates from UserExcelOut.asp failing to properly validate the correctness of user data. The...

6.1CVSS6AI score0.00642EPSS
Exploits0References1
ICS
ICS
added 2021/08/05 12:0 a.m.65 views

Advantech WebAccess SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Cross-site Scripting XSS, Relative Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.8CVSS7.8AI score0.0187EPSS
Exploits0References4
Hacker One
Hacker One
added 2021/04/15 10:27 a.m.244 views

Glovo: Moodle XSS on evolve.glovoapp.com

Cross Site Scripting XSS / Moodle XSS Summary : Cross-site scripting XSS is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by...

5.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/13 12:0 a.m.528 views

Simple Student Information System 1.0 SQL Injection

Exploit Title: Simple Student Information System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/24 12:0 a.m.302 views

Online Faculty Clearance System 1.0 Cross Site Scripting

Exploit Title: Online Faculty Clearance System Persistent Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/onlineclearance0.zip Version: 1.0 Tested on Windows 10 @attack...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/24 12:0 a.m.241 views

Arteco Web Client DVR/NVR Session Hijacking

!/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit Vendor: Arteco S.U.R.L. Product web page: https://www.arteco-global.com Affected version: n/a Summary: Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.568 views

GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)

Exploit Title: Gitlab 11.4.7 - Remote Code Execution Date: 14-12-2020 Exploit Author: Fortunato Lodari fox at thebrain dot net, foxlox Vendor Homepage: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested On: Debian 10 +...

7.4AI score
Exploits0
OSV
OSV
added 2020/11/11 11:15 p.m.2 views

CVE-2020-26221

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser...

6.1CVSS6.4AI score0.00611EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/10/29 3:50 p.m.27 views

CVE-2019-4563

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

3.7CVSS4.8AI score0.00919EPSS
Exploits0References2
CNVD
CNVD
added 2020/07/10 12:0 a.m.2 views

IBM Security Guardium Insights Cookie Hijacking Vulnerability

IBM Security Guardium Insights is a modern hybrid multi-cloud data security hub from IBM USA. A cookie hijacking vulnerability exists in IBM Guardium Activity Insights 10.6 and 11.0. The vulnerability stems from IBM Guardium Activity Insights not setting the security properties of authorization...

4.3CVSS6.6AI score0.00921EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/20 12:0 a.m.1 views

XSS Vulnerability in Xi'an Deyatong Technology Co.

Based on multi-layer cloud computing architecture, DEYATOM CMS makes full use of big data, cloud computing, artificial intelligence and other technologies to build a government website intensification platform with a unified standard system, a unified technology platform, a unified security...

6.3AI score
Exploits0
NVD
NVD
added 2020/03/30 10:15 p.m.12 views

CVE-2020-9055

Versiant LYNX Customer Service Portal CSP, version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or...

5.4CVSS4.3AI score0.0051EPSS
Exploits0References2
Prion
Prion
added 2020/03/30 10:15 p.m.17 views

Cross site scripting

Versiant LYNX Customer Service Portal CSP, version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or...

3.5CVSS5AI score0.0051EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/03/30 8:50 p.m.68 views

CVE-2020-9055

Versiant LYNX CSP 3.5.2 is vulnerable to stored cross-site scripting due to insufficient input validation, enabling a local, authenticated attacker to inject JavaScript that is stored and executed for end users (possible redirects, session cookie hijacking, information disclosure). The issue is d...

5.4CVSS4.5AI score0.0051EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.15 views

Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2015-7410)

Summary IBM Sterling B2B Integrator Health Check tool is vulnerable to cookie hijacking for obtaining sensitive information. Vulnerability Details CVEID: CVE-2015-7410 DESCRIPTION: IBM 10x based applications are vulnerable to cookie hijacking for Web Services hosted over HTTPS protocol due to...

7.4CVSS1.3AI score0.00871EPSS
Exploits0Affected Software1
ThreatPost
ThreatPost
added 2019/09/24 1:57 p.m.117 views

Malicious Ad Blockers for Chrome Caught in Ad Fraud Scheme

Google has removed two malicious ad blockers from its Chrome Web Store after a researcher discovered they were carrying out ad fraud and deceived Chrome users by using names of legitimate and popular blockers. Researcher Andrey Meshkov from rival ad blocker maker AdGuard discovered that the...

0.2AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2019/08/12 6:21 p.m.61 views

CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS0.3AI score0.0388EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2019/03/04 12:0 a.m.48 views

Ability Mail Server 4.2.6 Cross Site Scripting

Exploit Title: Persistent Cross Site Scripting Ability Mail Server 4.2.6 CVE: CVE-2019-9557 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: https://www.codecrafters.com/AbilityMailServer Category: webapps Attack Type: Remote Impact: Data/Cookie hijackin...

0.1AI score0.00978EPSS
Exploits2
Rows per page
Query Builder