memcache-viewer - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: memcache-viewer - Stored XSS Date: 2017-02-24 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/chrisjameskirkham/memcache-viewer Software Link:...

Origin Null Vulnerability

rack-cors is vulnerable to an origin null vulnerability. When an iframe contains html code for its source instead of a URL, a website using rack-cors and allowing file:// does not prevent browsers to send null origins...

CVE-2017-5964

An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a...

CVE-2017-5945

An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodllaudiourl" HTTP GET parameter passed to the "filterpoodllmoodle322016112802/poodll/mp3recorderskins/brazil/index.php" URL. An...

VMware vRealize Automation Cross-Site Scripting Vulnerability (VMSA-2016-0003)

VMware vRealize Automation is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2016-5897

IBM Jazz Reporting Service JRS is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

Design/Logic Flaw

IBM Jazz Reporting Service JRS is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVE-2016-7966

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign = or a space into the injected HTML, which greatly reduces the available HTML functionality...

CVE-2016-4026

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can...

CVE-2016-4026

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious script code can...

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager CallManager could allow an unauthenticated, remote attacker to launch a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is due to...

iOS WebView Problem Allows Attackers to Initiate Phone Calls

iOS developers who have embedded Apple’s WebView into mobile apps need to be aware of an exploitable issue that could allow phone calls to a number of the attacker’s choosing. Researcher Collin Mulliner said the vulnerability is trivial to exploit, requiring at a minimum one line of HTML code. Th...

Design/Logic Flaw

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI...

CVE-2015-0787

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI...

CVE-2016-1592

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI...

Debian DSA-3697-1 : kdepimlibs - security update

Roland Tapken discovered that insufficient input sanitising in KMail's plain text viewer allowed the injection of HTML code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3697. The text...

Debian DLA-673-1 : kdepimlibs security update

Roland Tapken discovered that insufficient input sanitizing in KMail's plain text viewer allowed attackers the injection of HTML code. This might open the way to the exploitation of other vulnerabilities in the HTML viewer code, which is disabled by default. For Debian 7 'Wheezy', these problems...

DLA-673-1 kdepimlibs - security update

Bulletin has no description...

Debian Security Advisory DSA 3697-1 (kdepimlibs - security update)

Roland Tapken discovered that insufficient input sanitising in KMail OpenVAS Vulnerability Test $Id: deb3697.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3697-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2016 Greenbone...

DSA-3697-1 kdepimlibs - security update

Bulletin has no description...