Khan Academy: POST XSS in https://www.khanacademy.org.tr/ via page_search_query parameter
Hey there, while testing your program I came across an XSS vulnerability in the search area of your website. The vector uses an HTTP POST request and the parameter is "page_search_query" on www.khanacademy.org.tr/arama.asp. In the next topics I will demonstrate how you can reproduce the vulnerability...
Adobe Flash Player for Mac <= 29.0.0.171 (APSB18-19)
The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal to or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities. © Tenable Network Security, Inc.
RHEL 6 : Red Hat JBoss Enterprise Application Platform 5.2 (RHSA-2018:1607)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1607 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a...
Xen Intel Architecture Debug Exception Handling Local Privilege Escalation (XSA-260)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a local privilege escalation vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if...
CISO Forum and the problems of Vulnerability Databases
Last Tuesday, April 24, I was at "CISO FORUM 2020: glance to the future". I presented there my report "Vulnerability Databases: sifting thousands tons of verbal ore". In this post, I'll briefly talk about this report and about the event itself. My speech was the last in the program. At the same...
Ed: Session Cookie Without Secure Flag
Hi Ed, the bug mentioned in report 343095 is not yet correctly patched, I believe. Previously, the researcher reported that the _gitlab_session cookie is not Secure (Missing Secure Flag) and you closed that report as Informative and said that "Exploitability of this issue is so low that it does not...
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
1. EXECUTIVE SUMMARY. CVSS v3 7.0. Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME. Equipment: LAquis SCADA. Vulnerability: Improper Check or Handling of Exceptional Conditions. 2. RISK EVALUATION. Successful exploitation of this vulnerability could cause the device an attacker...
Aspen < 0.22 Directory Traversal
According to its banner, the version of Aspen running on the remote host is prior to 0.22. It is, therefore, affected by a directory traversal vulnerability due to improper sanitization of user-supplied input. Note that Nessus has not tested for this issue but has instead relied only on the...
Solaris 10 (sparc) : 138083-01
SunOS 5.10: snoop patch. Date this patch was last updated by Sun: Aug/04/08. © Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates.
4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0 Multiple Vulnerabilities
The DHCP server version installed on the remote host is 4.1.0 to 4.1-ESV-R15, or 4.2.0 to 4.2.8, or 4.3.0 to 4.3.6, or 4.4.0. It is, therefore, vulnerable to a denial of service condition within the omapi_connection_writer function of the omapip/buffer.c source file due to improper handling of an empty...
Microsoft Patch Tuesday, February 2018 Edition
Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft's "critical" rating, meaning the problems...
Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)
The version of Apple iTunes installed on the remote Windows host is prior to 12.7.3. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208326 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...
Cross site scripting
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...
Automattic: [public-api.wordpress.com] Stored XSS via Crafted Developer App Description
Hi, an injection in the "App Description" field within the WordPress Developers platform can be used to store and reflect JavaScript in the public-api.wordpress.com context. Steps to reproduce: 1. As the "adversary" user, please visit the WordPress.com My Apps page and select "Create New Applicatio...
RHEL 7 : procmail (RHSA-2017:3269)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:3269 advisory. The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders...
Internet Bug Bounty: Multiple issues in Libxml2 (2.9.2 - 2.9.5)
Libxml2 is the XML C parser and toolkit developed for the Gnome project. Due to its flexible C implementation and continuous development, Libxml2 is known to be very portable, the library builds and works on a variety of systems Linux, Unix, Windows, CygWin, MacOS, MacOS X, RISC Os, OS/2, VMS, QN...
Zeta Components Mail 1.8.1 - Remote Code Execution Vulnerability
Exploit for the PHP platform in the category web applications. Vendor: Zeta Components, module: Mail, returnPath-email”; if an attacker assigns an email address like 'email protected -X/var/www/html/cache/exploit.php' and injects a payload in the mail body, sendmail will transfer the log (-X) into...
Exploitability attributes of Nessus plugins: good, bad and Vulners
Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let's see how good the exploit-related data of Tenable Nessus NASL plugins is, and whether we can do better. What are the attributes related to exploits? To understand this, I parsed all NASL plugins and got...
F5 Networks BIG-IP : Vim vulnerability (K22183127)
Vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. CVE-2016-1248. © Tenable Network Security, Inc. The descriptive text and package...
H3C / HPE Intelligent Management Center PLAT <= 7.3 E0501P01 Multiple Vulnerabilities
The version of HPE Intelligent Management Center (iMC) PLAT installed on the remote host is prior to or equal to 7.3 E0501P01. It is, therefore, affected by multiple vulnerabilities which can be exploited to download files or disclose information. Note that Intelligent Management Center (iMC) is an HPE...