Cross site scripting
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...
CVE-2015-8010
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...
UBUNTU-CVE-2015-8010
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...
CVE-2015-8010
Removed by vendor...
About the security content of Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac and Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
About the security content of Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac and Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
About the security content of Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac and Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS This document describes the security content of Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac and Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS. About Apple securi...
GitLab: CSV injection in gitlab.com via issues export feature.
Dear GitLab bug bounty team, Summary --- GitLab allows users to export issues as a .csv file. By injecting a payload into an issue title an attacker could exfiltrate data or execute code on the target machine. For instance, by naming an issue =cmd|' /C calc'!A0 I am able to open up calc.exe on...
Discourse: Admin Command Injection via username in user_archive ExportCsvFile
When a user generates a backup of their posts, their username gets sent to the ExportCsvFile job. The username is placed inside of a gzip command in backticks. Although the application prevents special characters in usernames, an admin is able to make modifications to the database via the restore...
Trello: Exporting JSON of other Boards
Details: Using this vulnerability, an attacker can get each and every detail related to the specific Board. Moreover, other details which leak are: 1. username, fullname, Initial etc. of the victim and many others... Description: + go to account boards, choose a board, then go to Print And Export...
Pale Moon web browser - Customized SSL, Dynamic Code Loading, Exported components vulnerabilities
HackApp vulnerability scanner discovered that application Pale Moon web browser published at the 'play' market has multiple vulnerabilities...
UBUNTU-CVE-2017-5665
The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file...
openSUSE Security Update : the Linux Kernel (openSUSE-2017-287)
The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowe...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed...
CVE-2017-6095
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id...
Reverse Engineering Communication Protocols: Netzob
Reverse Engineering Communication Protocols. Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows inferring the message format and the state machine of a protocol through passive and active processes. The model can afterward be...
AD ACL Scanner
AD ACL Scanner is a tool completely written in PowerShell, with a GUI, used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory. New Features: Faster compare of Access Control Lists using USN from replication metadata. Primary...
UBUNTU-CVE-2017-5381
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox 51...
[SECURITY] Fedora 24 Update: bind99-9.9.9-4.P5.fc24
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. This package set contains only the export version of the BIND libraries, which are used for building ISC DHCP...