CVE-2016-1267
CVE-2016-1267 affects Juniper Networks Junos OS by a race condition in the RPC functionality. Affected Junos OS versions include 12.1X44-D55 and earlier, 12.3R11 and earlier, 13.2R8 and earlier, 14.1R6 and earlier, 14.2R3-S4, 15.1F2/15.1R2, and 16.1R1. The underlying issue allows local users to r...
elit-style.com.ua XSS vulnerability
Vulnerable URL: http://elit-style.com.ua/search?q="/alert/xssposed/...
Symantec ITMS Inventory Solution Application Denial Functionality Bypass
SUMMARY The Inventory Solution component of Symantec's IT Management Agent, the client portion of Symantec IT Management Suite (ITMS) powered by Altiris, can be configured to deny one or more applications from running on a Windows managed client as part of IT management functions. A determined user...
HackerOne: Deleted name still present via mouseover functionality for user accounts
Hey guys, So this isn't really a security bug or a big information disclosure. However, I noticed that if a user removes their name "Eric Angeles" from their account page https://hackerone.com/exodiaforbiddenone it will still be visible by mousing over the user's handle on a disclosed report...
Cross-site request forgery
Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack users' sessions and use any functionality that Administrate exposes on their behalf...
Apache Jetspeed Multiple Vulnerabilities (Mar 2016)
Apache Jetspeed is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:jetspeed"; if...
D-Link DVG-5402SP CSRF / Brute Force
Hello list! There are Brute Force, Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DVG-5402SP VoIP Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DVG-5402SP, Firmware RU1.01. Other versions also...
[SECURITY] Fedora 24 Update: php-pecl-http-2.5.6-1.fc24
The HTTP extension aims to provide a convenient and powerful set of functionality for major applications. The HTTP extension eases handling of HTTP URLs, dates, redirects, headers and messages in a HTTP context both incoming and outgoing. It also provides means for client negotiation of preferre...
[SECURITY] Fedora 23 Update: php-pecl-http-2.5.6-1.fc23
The HTTP extension aims to provide a convenient and powerful set of functionality for major applications. The HTTP extension eases handling of HTTP URLs, dates, redirects, headers and messages in a HTTP context both incoming and outgoing. It also provides means for client negotiation of preferre...
rlt.ru XSS vulnerability
Vulnerable URL: http://rlt.ru/search/?searchquery=' autofocus onfocus='alert/XSSPOSED/ Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 21:01 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2504163 Google...
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)
Exploit for php platform in category web applications var c=-1 var amttodelete=100 var id=document.getElementById"ids" var frm=document.getElementById"CSRF" function doit c++ arguments1.valu...
Citrix ICA Virtual Channels Overview
This article provides details of the design, functionality, and usage of the Citrix ICA Virtual Channels and focuses on the Citrix XenApp Plug-ins/Receiver for Windows. Target Audience: Application developers, Citrix server administrators, and help desk personnel. What are ICA Virtual Channels? A lar...
Fedora 23 : xen-4.5.2-7.fc23 (2016-2c15b72b01)
PV superpage functionality missing sanity checks XSA-167, CVE-2016-1570 VMX: intercept issue with INVLPG on non-canonical address XSA-168, CVE-2016-1571 Qemu: pci: NULL pointer dereference issue CVE-2015-7549 qemu: DoS by infinite loop in ehci_advance_state CVE-2015-8558 qemu: Heap-based buffer...
FreeBSD : xen-kernel -- PV superpage functionality missing sanity checks (7ed7c36f-ddaf-11e5-b2bd-002590263bf5)
The Xen Project reports : The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to the MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various...
How Often Should You Scan Websites and Web Applications for Vulnerabilities?
Web Applications and Websites Exist in a Dynamic Environment There is no questioning the fact that the web application security landscape is in a constant state of flux. The pace of change is not only rapid but resembles a constant game of cat and mouse between hackers and security professionals...
staedtler.com.hk XSS vulnerability
Vulnerable URL: http://www.staedtler.com.hk/en/search/?txsolrq= Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 20:43 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2659768 Google Pagerank| 5 VIP website...
forterra.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-135383 Description| Value ---|--- Affected Website:| forterra.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
my-shop.ru XSS vulnerability
Vulnerable URL: http://my-shop.ru/shop/search/a/sort/z/page/1.html?f1439=0&f14;16=6&f14;6=book=0=1=4=25catid="...
gfmag.com XSS vulnerability
Vulnerable URL: https://www.gfmag.com/search/?contentsource=global-finance-magazine=1'%22%26%25promptString.fromCharCode88,83,83,80,79,83,69,68...
WordPress User Meta Manager 3.4.6 Plugin - Information Disclosure
Exploit for php platform in category web applications Exploit Title: WordPress User Meta Manager Plugin Information Disclosure Discovery Date: 2015-12-28 Public Disclosure Date: 2016-02-01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...