PYSEC-2017-109
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality...
CVE-2017-3152
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...
Cross site scripting
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
tovek.se XSS vulnerability
Vulnerable URL: http://tovek.se/s%C3%B6k?frmSearch=true=a%27aa%22%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 27.11.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 368633 |
| VIP... | |
uponor.pt XSS vulnerability
Open Bug Bounty ID: OBB-282302

| Description | Value |
|---|---|
| Affected Website: | uponor.pt |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
CVE-2017-12879
Cross-site scripting XSS-STORED vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML...
How To Automate Security Analysis with the RIPS API
RIPS API: RIPS exposes a powerful REST API, an interface specifically designed for developers and their applications. It is used to provide the web interface with analysis results, to start scans through plugins, to manage users, and much more. In short, the API enables easy automation of all RIPS...
CVE-2017-12882
Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...
Threat Round-up for Aug 11 - Aug 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and August 18. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
simsng.com XSS vulnerability
Vulnerable URL: http://simsng.com/product//search?search="...
What’s new in Gartner WAF Magic Quadrant 2017?
To tell the truth, I was not much interested in Web Application Firewall market since the time when I was doing competitive analysis in Positive Technologies. And a few days ago Gartner published a fresh WAF research with interesting Magic Quadrants. I decided to figure out what's new there. Here...
Back to school cybersecurity tips for parents and kids
The time to start the new school term is just around the corner. And for parents, the excitement and anxiety may be palpable, especially if it's their kid's first time attending a new school. Ads for back-to-school gear start as early as July, increasing in frequency and urgency until the kiddos...
CVE-2017-10140
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...
[SECURITY] Fedora 25 Update: jackson-databind-2.7.6-3.fc25
General data-binding functionality for Jackson: works on core streaming API...
touchcommerce.com XSS vulnerability
Vulnerable URL: http://www.touchcommerce.com//search?q=...
[SECURITY] Fedora 25 Update: php-horde-Horde-Core-2.30.0-1.fc25
These classes provide the core functionality of the Horde Application Framework...
[SECURITY] Fedora 26 Update: php-horde-Horde-Form-2.0.18-1.fc26
The HordeForm package provides form rendering, validation, and other functionality for the Horde Application Framework...
CVE-2017-2885
A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by...