1720 matches found
Cross site scripting
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...
CVE-2018-17595
CVE-2018-17595 affects Fork CMS 5.4.0, where HTML Injection and Stored XSS are triggered through the /backend/ajax URI. The available connected sources confirm the vulnerability in the specified version and describe the attack class as HTML injection leading to stored XSS in Fork CMS’s backend AJ...
Cross-Site Scripting (XSS)
Fork CMS is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session cookies or perform unwanted actions on behalf of the user via /backend/ajax...
Fork CMS 5.4.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Fork CMS 5.4.0 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulnerability Type ...
Fork CMS 5.4.0 Cross Site Scripting / HTML Injection
Exploit Title: Fork CMS 5.4.0 - HTML Injection and Stored XSS Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulnerability Type : Code Injection Vulnerabili...
Fork CMS 5.4.0 - Cross-Site Scripting
Fork CMS 5.4.0 - Cross-Site Scripting Exploit Title: Fork CMS 5.4.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulnerability Type...
Fork CMS 5.4.0 - Cross-Site Scripting
Exploit Title: Fork CMS 5.4.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulnerability Type : Code Injection Vulnerability : HTML...
Prototype Pollution
Overview @sailshq/lodash is a fork of Lodash 3.10.x with ongoing maintenance from the Sails core team. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype...
Node.js third-party modules: Command Injection Vulnerability in win-fork/win-spawn Packages
I would like to report a command injection vulnerability in win-fork and win-spawn packages. It allows an attacker to inject multiple commands in exec-like manner. Module module name: win-spawn version: 2.0.0 npm page: https://www.npmjs.com/package/win-spawn npm page:...
CVE-2017-2652
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...
Command injection
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...
CVE-2017-2652
CVE-2017-2652 concerns Jenkins’ Distributed Fork plugin. It states that, through version 1.5.0, the dist-fork CLI command did not perform permission checks beyond Overall/Read, allowing any user with that permission to execute arbitrary shell commands on all connected nodes. Impact is arbitrary c...
CVE-2018-13095
An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel. A denial of service due to the NULL pointer dereference can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork...
DEBIAN-CVE-2018-13095
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service memory corruption and BUG can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork...
UBUNTU-CVE-2018-13095
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service memory corruption and BUG can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork...
Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Mobile (CVE-2015-7421, CVE-2015-7420)
Summary Vulnerabilities were discovered in GSKit. IBM Security Access Manager for Mobile uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PR...