1017 matches found
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: XhP CMS 0.5.1 - Cross-Site Request Forgery to Persistent Cross-Site Scripting Exploit Author: Ahsan Tahir Date: 19-10-2016 Software Link: https://sourceforge.net/projects/xhp/ Vendor:...
OLX: Reflected XSS at m.olx.ph
INTRO The m.olx.ph domain is vulnerable to reflected XSS through the search function. EXPLOITABILITY & PoC The following URL contains an XSS vector, which causes an alert box to appear https://m.olx.ph/all-results?q=:%27%3E%3Cimg%20src=/%20onerror=alert%28document.domain%29%3E or...
CVE-2016-7966
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign = or a space into the injected HTML, which greatly reduces the available HTML functionality...
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
Exploit for jsp platform in category web applications !-- ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 5.3.12252 Summary: ZKAccess Systems ar...
Xerosploit - Efficient And Advanced Man In The Middle Framework
Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap...
See how I use LastPass to get to all your password-vulnerability warning-the black bar safety net
! Please note:the manufacturer has successfully fixed this issue,and the relevant information to inform a Lastpass user. Vulnerability status:has been fixed Repair time frame:9 0 days Vulnerability level:severe Manufacturer:LastPass Product:LastPass Report Date:2 0 1 6 7 2 6, Vulnerability overvi...
WordPress Power Zoomer Plugin - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
The vulnerability of the antivirus software Internet Security allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of the antivirus software Internet Security exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
Adobe Brackets Cross-site Scripting and Unspecified Vulnerabilities - Windows
Adobe Brackets is prone to cross-site scripting and an unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Brackets Cross-site Scripting and Unspecified Vulnerabilities - Mac OS X
Adobe Brackets is prone to cross-site scripting and an unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cybozu Garoon 3.x < 4.2.0 Information Disclosure and XSS Vulnerabilities
Cybozu Garoon is prone to information disclosure and cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Mapbox: XSS on www.mapbox.com/authorize
Description --- When you don't include the parameter clientid in the request to the endpoint at https://www.mapbox.com/authorize/, the template template-modal-unauthorized included in the client code of the endpoint is rendered with the value of the parameter redirecturi sent in the request witho...
IBM Connections File Upload Vulnerability
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A file upload...
BlackBerry Enterprise Service Cross-Site Scripting Vulnerability (CNVD-2016-02337)
BlackBerry Enterprise Server is a wireless solution. The solution provides a unified architecture for mobile devices to access enterprise applications, wireless email communications. A cross-site scripting vulnerability exists in BlackBerry Enterprise Server, which allows remote attackers to...
WordPress Jetpack Plugin <= 3.9.1 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
JSN PowerAdmin 2.3.0 Code Exection / CSRF / XSS
--------------------------------------------------------- RatioSec Research Security Advisory RS-2016-001 --------------------------------------------------------- JSN PowerAdmin Joomla! Extension Remote Command Execution Via CSRF and XSS vulnerabilities...
Fiyo CMS 2.0.2.1 Cross Site Scripting
Introduction Affected Product: Fiyo CMS 2.0.2.1 Fixed in: Fiyo CMS 2.0.6 Fixed Version Link: http://www.fiyo.org/blog/versi-2-0-6-banyak-perubahan-untuk-stabilitas Vendor Website: http://www.fiyo.org/ Vulnerability Type: Persistent XSS Remote Exploitable: Yes Reported to vendor: 28/12/2015 Fixed...
Hippo CMS 10.1 Stored Cross Site Scripting
" / " / input type="...
WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery
Exploit Title: Wordpress simple add pages or posts CSRF Vulnerability Date: 2016/29/01 Exploit Author: ALIREZAPROMIS Vendor Homepage: https://wordpress.org/plugins/simple-add-pages-or-posts/ Software Link: https://downloads.wordpress.org/plugin/simple-add-pages-or-posts.1.6.zip Version: 1.6 Teste...
Microsoft FrontPage Server Extensions Cross Site Scripting (MS06-017: CVE-2006-0015)
A Cross Site Scripting vulnerability exists in Microsoft FrontPage Server Extensions and Microsoft SharePoint Team Services. The vulnerability is caused as a result of the failure of these products to properly validate certain CGI parameters passed to them. This vulnerability allows arbitrary HTM...