Lucene search
K

141 matches found

Packet Storm
Packet Storm
added 2019/03/04 12:0 a.m.64 views

Mailtraq WebMail 2.17.7.3550 Cross Site Scripting

Exploit Title: Persistent Cross Site Scripting XSS - Mailtraq WebMail version 2.17.7.3550 CVE: CVE-2019-9558 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.mailtraq.com/mail-server-software Category: webapps Attack Type: Remote Impact:...

6.4AI score0.00986EPSS
Exploits2
CNVD
CNVD
added 2018/11/28 12:0 a.m.3 views

TerraMaster TOS Session Fixation Vulnerability

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A session fixation vulnerability exists in the web application in TerraMaster TOS...

5.8CVSS5.9AI score0.01188EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2017/06/30 1:11 p.m.9 views

Majority of Sites Fail Mozilla's Comprehensive Security Review

A majority of the top 1 million websites earn an “F” letter grade when it comes to adopting defensive security technology that protect visitors from XSS vulnerabilities, man-in-the-middle attacks, and cookie hijacking. The failing grades come from a comprehensive analysis published this week by t...

6.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2017/05/22 3:25 p.m.23 views

Verizon Patches XSS Issues in its Messaging Client

Verizon late last year patched a vulnerability in its Message+ messaging client that could have allowed an attacker to take over a session and possibly extend their reach into a user’s account management settings. Researcher Randy Westergren yesterday disclosed some details on the bug, which coul...

Exploits0References4
CNVD
CNVD
added 2017/05/11 12:0 a.m.2 views

Storage-based Cross-site Scripting Vulnerability in Aisook General Enterprise Website Builder System

Aisok universal enterprise building system cicms is based on PHP + Mysql development of an enterprise website management system. A storage-based cross-site scripting vulnerability exists in the Aisook General Enterprise Website Builder System. The vulnerability is caused by the message function...

6.3AI score
Exploits0
0day.today
0day.today
added 2016/11/12 12:0 a.m.25 views

WordPress W3 Total Cache 0.9.4.1 Race Condition Vulnerability

An information disclosure vulnerability was found in the W3 Total Cache plugin. This issue allows an attacker to hijack sensitive information, such as the administrator's session cookie. Exploiting the vulnerability is possible during a short period of time when an administrator submits the suppo...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/11 12:0 a.m.35 views

WordPress W3 Total Cache 0.9.4.1 Race Condition

------------------------------------------------------------------------ Information disclosure race condition in W3 Total Cache WordPress Plugin ------------------------------------------------------------------------ Sipke Mellema, July 2016...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/09 12:0 a.m.25 views

e107 CMS 2.1.2 Privilege Escalation

Exploit Title: e107 CMS 2.1.2 Privilege Escalation Date: 09-11-2016 Software Link: http://e107.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description Datas from $POST'updateddata' inside usersettings.php are...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2016/08/04 6:14 p.m.15 views

Lack of Encryption Leads to Large Scale Cookie Exposure

LAS VEGAS—There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers. Two academics, Suphannee Sivakorn, a PhD student at Columbia University, and Jason Polakis, an...

7AI score
Exploits0References2
Packet Storm
Packet Storm
added 2016/05/27 12:0 a.m.174 views

Citrix Netscaler 11.0 Build 64.35 Cross Site Scripting

PERSICON Security Advisory ======================================================================= Title: Login Form Hijacking vulnerability Product: Citrix Netscaler Vulnerable Version: 11.0 Build 64.35 Fixed Version: 11.0 Build 66.11 CVE-ID: CVE-2016-4945 Impact: medium found: 2015-04-07 by: Dr...

4.3CVSS6.4AI score0.01372EPSS
Exploits1
Packet Storm
Packet Storm
added 2015/11/27 12:0 a.m.19 views

Visual Paradigm Server 10.0 Cross Site Scripting

================================================================ Visual Paradigm Server v10.0 - Cross Site Scripting XSS ================================================================ Information -------------------- Name: Visual Paradigm Server v10.0 - Cross Site Scripting XSS Affected Softwar...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/02 12:0 a.m.1556 views

HSTS Missing From HTTPS Server

The remote HTTPS server is not enforcing HTTP Strict Transport Security HSTS. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and...

5.6AI score
Exploits0References1
ArchLinux
ArchLinux
added 2015/04/18 12:0 a.m.50 views

chromium: multiple issues

CVE-2015-1235 cross-origin bypass A vulnerability was discovered that allows cross-origin-bypass in the HTML parser. - CVE-2015-1236 cross-origin bypass A vulnerability was discovered that allows cross-origin-bypass in the rendering engine Blink. - CVE-2015-1237 arbitrary code execution An...

7.5CVSS1.7AI score0.02702EPSS
Exploits1References14
Cvelist
Cvelist
added 2015/03/18 4:0 p.m.19 views

CVE-2015-2296

The resolveredirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect...

5.8AI score0.03408EPSS
Exploits0References8
securityvulns
securityvulns
added 2015/02/11 12:0 a.m.100 views

Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072)

Cookie hijacking: Internet Explorer UXSS CVE-2015-0072 Host below files on webserver attacker.com and share the exploit link with victims, exploit.php --- exploit link Share with victim redirect.php --- Script to redirect on target page target page should not contain X-Frame-Options or it will fa...

4.3CVSS5.8AI score0.71698EPSS
Exploits5
Packet Storm
Packet Storm
added 2015/02/09 12:0 a.m.46 views

Microsoft Internet Explorer Universal XSS Proof Of Concept

Cookie hijacking: Internet Explorer UXSS CVE-2015-0072 Host below files on webserver attacker.com and share the exploit link with victims, exploit.php --- exploit link Share with victim redirect.php --- Script to redirect on target page target page should not contain X-Frame-Options or it will fa...

4.3CVSS0.1AI score0.71698EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

PHPNuke AddOn PHPToNuke.PHP 1.0 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3807/info phptonuke.php is a PHPNuke AddOn script to insert a PHP script into the middle of a PHPNuke site. It is written and maintained by Lebios. It is possible for a malicious user to create a link to the phptonuke.php...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

PHP TopSites 2.0/2.2 help.php Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6622/info A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

PHP-Nuke 6.0 - Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/6409/info It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

CTERA 3.2.29.0 and 3.2.42.0 - Stored XSS

No description provided by source. 恶意用户可以修改项目文件夹描述进行XSS攻击和HTML注入(添加链接、图片和按钮等)。 因为项目文件夹时被不同用户共享,该漏洞可以用来抓取会话cookie。 创建一个项目文件夹并添加下面的描述(根据版本修改特定路径):...

7.1AI score
Exploits0
Rows per page
Query Builder