
127 matches found

0day.today
added 2018/06/08 12:0 a.m., 30 views

WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and below The easiest way ...

0.6 AI score
Exploits 0
Prion
added 2018/05/29 8:29 p.m., 13 views

Design/Logic Flaw

product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download...

9.3 CVSS, 7.8 AI score, 0.01682 EPSS
Exploits 0, References 1, Affected Software 1
NVD
added 2018/05/29 8:29 p.m., 27 views

CVE-2016-10567

product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download...

9.3 CVSS, 8.3 AI score, 0.01682 EPSS
Exploits 0, References 1
The Hacker News
added 2018/05/16 2:14 p.m., 69 views

Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext

For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability. Discovered Monday by the same team of security researchers, the newly discovered...

6.1 CVSS, 1.2 AI score, 0.01458 EPSS
Exploits 3
The Hacker News
added 2018/05/14 9:37 p.m., 65 views

Hackers Reveal How Code Injection Attack Works in Signal Messaging App

After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works. As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a code...

0.9 AI score
Exploits 0
NVD
added 2018/02/16 6:29 p.m., 20 views

CVE-2017-18090

Various resources in Atlassian Fisheye before version 4.5.1 the fixed version for 4.5.x and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of a commit author...

6.1 CVSS, 6 AI score, 0.00899 EPSS
Exploits 0, References 2
CNVD
added 2018/02/07 12:0 a.m., 3 views

Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2018-03444)

Atlassian Confluence Server is a suite of professional enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build an enterprise WiKi. The software enables collaboration and knowledge sharing amongst team members. A cross-site scripting...

6.1 CVSS, 6.2 AI score, 0.00825 EPSS
Exploits 0, References 1
CNVD
added 2017/12/04 12:0 a.m., 3 views

ZKTeco ZKTime Web Personnel Advanced Query Department Module Cross-Site Scripting Vulnerability

ZKTeco ZKTime Web is a time and attendance management system from ZKTeco, Inc. The Department module in Personnel Advanced Query is one of the departmental personnel advanced query modules. A cross-site scripting vulnerability exists in the Range field of the Department module in Personnel Advance...

6.1 CVSS, 6.6 AI score, 0.01238 EPSS
Exploits 3, References 1
NVD
added 2017/07/17 1:18 p.m., 20 views

CVE-2017-2335

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...

8.4 CVSS, 6.7 AI score, 0.01078 EPSS
Exploits 0, References 3
Prion
added 2017/07/17 1:18 p.m., 21 views

Cross site scripting

A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker...

3.5 CVSS, 5.5 AI score, 0.01194 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2017/07/14 2:0 p.m., 35 views

CVE-2017-2336 ScreenOS: XSS vulnerability in ScreenOS Firewall

A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker...

9.6 CVSS, 7.3 AI score, 0.01194 EPSS
Exploits 0, References 3
Hacker One
added 2016/08/30 11:47 p.m., 23 views

LocalTapiola: Reflected XSS in www.lahitapiola.fi (/cs/Satellite) using Oracle WebCenter -page

It is possible to include HTML/JavaScript code in the parameter "destpage" of one of the Fatwire pages. The affected Fatwire page is: OpenMarket/Xcelerate/UIFramework/LoginError. This allows launching a reflected XSS attack by creating a simple URL like the following:...

1.2 AI score
Exploits 0
CNVD
added 2015/09/10 12:0 a.m., 3 views

Multiple Stored Cross-Site Scripting Vulnerabilities in EMC RSA Identity Management & Governance

EMC RSA Identity Management and Governance is an enterprise-class identity management solution. A stored cross-site scripting vulnerability exists in the implementation of RSA IMG, which can be exploited by an attacker to execute arbitrary HTML or JavaScript code...

3.5 CVSS, 6.3 AI score, 0.0122 EPSS
Exploits 0, References 1
Packet Storm
added 2015/07/02 12:0 a.m., 34 views

ipTIME Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Please find a text-only version below sent to security mailing-lists. The complete version on exploits about my last advisory of ipTIME products is posted here:...

7.4 AI score
Exploits 0
CNVD
added 2015/04/21 12:0 a.m., 2 views

Google Chrome Denial of Service Vulnerability (CNVD-2015-02653)

Google Chrome is a web browser developed by the American company Google. Google Chrome versions prior to 42.0.2311.90 fail to ask the user before changing CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK, which could allow a remote attacker to construct an HTML document with ...

4.3 CVSS, 6.9 AI score, 0.01473 EPSS
Exploits 1, References 1
seebug.org
added 2014/07/01 12:0 a.m., 23 views

PlumeCMS <= 1.2.4 - Multiple Persistent XSS

No description provided by source. Exploit Title : PlumeCMS = 1.2.4 Multiple Persistent XSS Date : 04-04-2012 Author : Ivano Binetti http://www.ivanobinetti.com...

4.3 CVSS, 6.7 AI score, 0.0381 EPSS
Exploits 5
Packet Storm
added 2014/06/27 12:0 a.m., 38 views

ZeroCMS 1.0 Cross Site Scripting

ZeroCMS v1.0 Cross-Site Scripting Vulnerability Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms Affected version: 1.0 Severity: Medium CVE: CVE-2014-4195 Date: 20/06/2014 Discovered by: Filippos Mastrogiannis @filipposmastro ZeroCMS is a very simple Content Management...

4.3 CVSS, 0.01427 EPSS
Exploits 2
0day.today
added 2013/02/21 12:0 a.m., 18 views

Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability

Exploit for windows platform in category web applications VULNERABILITY DESCRIPTION: Alt-N MDaemon is prone to an HTML/Javascript injection vulnerability because it fails to sanitize user-supplied input. Attacker-supplied HTML and/or JavaScript code could run in the...

7.1 AI score
Exploits 0
exploitpack
added 2013/01/07 12:0 a.m., 12 views

Facebook for Android - LoginActivity Information Disclosure

Facebook for Android - LoginActivity Information Disclosure source: https://www.securityfocus.com/bid/57173/info Facebook for Android is prone to an information-disclosure vulnerability. Successful exploits allow an attacker to gain access to sensitive information. Information obtained may aid i...

7.2 AI score
Exploits 0
Atlassian
added 2012/05/13 12:43 p.m., 15 views

persistent xss through svg file attachment download

The fix for CONF-22132 was not sufficient because "svg" files are not "said" to be xml by the isXml method. This means that it is possible for a malicious party to upload an svg file containing html/javascript which will be rendered in the victim's web browser. This bug should have been raised a while ag...

1.4 AI score
Exploits 0, Affected Software 1