Sitefinity CMS 9.2 - Cross-Site Scripting Vulnerability

Exploit for asp platform in category web applications Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor...

Sitefinity CMS 9.2 - Cross-Site Scripting

Sitefinity CMS 9.2 - Cross-Site Scripting Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor Description...

Sitefinity CMS 9.2 - Cross-Site Scripting

Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor Description ------------------ Progress® Sitefinity™ is a...

Kony EMM 4.2.0 Private Key Disclosure

------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 4.2.0 and probably older versions Tested Version: Kony EMM 4.2.0 Advisory Publication: 20 March 2017 Vendor Notification: 29 Jan 2017...

Sitecore Experience Platform 8.1 Update-3 Cross Site Scripting Vulnerability

Sitecore Experience Platform version 8.1 Update-3 suffers from a cross site scripting vulnerability. Exploit Title: Stored Cross Site Scripting XSS in Sitecore Experience Platform 8.1 Update-3 Date: March 15, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitecore.net/en Version...

Sitecore CMS 8.1 Update-3 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Stored Cross Site Scripting XSS in Sitecore Experience Platform 8.1 Update-3 Date: March 15, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitecore.net/en Version: 8.1 rev. 160519 Tested on: Sitecore Experienc...

Sitecore Experience Platform 8.1 Update-3 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting XSS in Sitecore Experience Platform 8.1 Update-3 Date: March 15, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitecore.net/en Version: 8.1 rev. 160519 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519 CVE :...

C2Box 4.0.0(r19171) Validation Bypass

Title: Validation Bypass in C2Box application allows user to input negative value Author: Harish Ramadoss Vendor: boxautomationB.A.S Product: C2Box Version: All versions below 4.0.0r19171 Tested Version: Version 4.0.0r19171 Severity: Medium CVE Reference: 2015-4626 About the Product: B.A.S C2Box...

C2Box 4.0.0 r19171 Cross Site Request Forgery

Please add this advisory to your archive. Thanks. Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below...

Palo Alto Traps Server 3.1.2.1546 - Persistent XSS Vulnerability

Exploit for windows platform in category web applications !/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested Version:...

Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting

Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting !/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested...

Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting

!/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested Version: 3.1.2.1546 Advisory Publication: 29 March 2015 Vendor...

Palo Alto Traps Server 3.1.2.1546 Cross Site Scripting

------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested Version: 3.1.2.1546 Advisory Publication: 29 March 2015 Vendor Notification: 17 October 20...

CVE-2014-8487: Kony EMM insecurity Direct Object Reference

------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...

Manage Engine AD Audit Manager Plus Cross Site Scripting

Title:- Reflected cross-site scriptingXSS Vulnerability in Manage Engine AD Audit Manager Plus Admin PanelBuild 6270 Author: Harish Ramadoss - Help AG Middle East Vendor: ZOHO Corp Product: Manage Engine AD Audit Manager Plus Version: All versions below Build 6270 are mostly affected Tested...

ManageEngine Desktop Central 9 Build 90087 - CSRF Vulnerability

Exploit for jsp platform in category web applications :8020/STATEID/1417736606982/roleMgmt.do?actionToCall=addUser&SUBREQUEST=XMLHTTP" method="POST" input type="hidden" name="newDCAu...

Pearson eSIS Enterprise Student Information System SQL Injection

Advisory ID: hag201478 Product: Pearson eSIS Enterprise Student Information System Vendor: PearsonVue Vulnerable Versions: Any version Advisory Publication: April 06, 2014 Vendor Notification: March 05, 2014 Public Disclosure: April 06, 2014 Vulnerability Type: Improper Neutralization of Special...

Pearson eSIS Enterprise Student Information System Stored XSS

Advisory ID: hag201477 Product: Pearson eSIS Enterprise Student Information System Vendor: PearsonVue Vulnerable Versions: Any version Advisory Publication: April 06, 2014 Vendor Notification: March 05, 2014 Public Disclosure: April 06, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

Pearson eSIS Enterprise Student Information System XSS

Advisory ID: hag201477 Product: Pearson eSIS Enterprise Student Information System Vendor: PearsonVue Vulnerable Versions: Any version Advisory Publication: April 06, 2014 Vendor Notification: March 05, 2014 Public Disclosure: April 06, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

[CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module

Advisory ID: hag2014101 Product: EventCalendar Vendor: Drupal Vulnerable Versions: Drupal 7.14 and probably newer version Tested Version: Drupal 7.14 Advisory Publication: January 23, 2014 Vendor Notification: November 20, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site...