119 matches found
CVE-2017-2335
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...
Cross site scripting
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker...
CVE-2017-2336 ScreenOS: XSS vulnerability in ScreenOS Firewall
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker...
LocalTapiola: Reflected XSS in www.lahitapiola.fi (/cs/Satellite) using Oracle WebCenter -page
There is possible to include HTML/Javascript code in the parameter "destpage" of one of the Fatwire pages. The affected Fatwire page is: OpenMarket/Xcelerate/UIFramework/LoginError This allows to launch a reflected XSS attack by creating a simple URL like the following:...
Multiple Stored Cross-Site Scripting Vulnerabilities in EMC RSA Identity Management & Governance
EMC RSA Identity Management and Governance is an enterprise-class identity management solution. A stored cross-site scripting vulnerability exists in the implementation of RSA IMG, which can be exploited by an attacker to execute arbitrary HTML or JavaScript code...
ipTIME Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Please find a text-only version below sent to security mailing-lists. The complete version on exploits about my last advisory of ipTIME products is posted here:...
Google Chrome Denial of Service Vulnerability (CNVD-2015-02653)
Google Chrome is a web browser developed by the American company Google Google. Google Chrome versions prior to 42.0.2311.90 fail to ask the user before changing CONTENTSETTINGSTYPEFULLSCREEN and CONTENTSETTINGSTYPEMOUSELOCK, which could allow a remote attacker to construct an HTML document with ...
PlumeCMS <= 1.2.4 - Multiple Persistent XSS
No description provided by source. +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : PlumeCMS = 1.2.4 Multiple Persistent XSS Date : 04-04-2012 Author : Ivano Binetti http://www.ivanobinetti.com...
ZeroCMS 1.0 Cross Site Scripting
ZeroCMS v1.0 Cross-Site Scripting Vulnerability Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms Affected version: 1.0 Severity: Medium CVE: CVE-2014-4195 Date: 20/06/2014 Discovered by: Filippos Mastrogiannis @filipposmastro ZeroCMS is a very simple Content Management...
Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability
Exploit for windows platform in category web applications VULNERABILITY DESCRIPTION: ========================== Alt-N MDaemon is prone to an HTML/Javascript injection vulnerability because it fails to sanitize user-supplied input. Attacker-supplied HTML and/or JavaScript code could run in the...
Facebook for Android - LoginActivity Information Disclosure
Facebook for Android - LoginActivity Information Disclosure source: https://www.securityfocus.com/bid/57173/info Facebook for Android is prone to an information-disclosure vulnerability. Successful exploits allows an attacker to gain access to sensitive information. Information obtained may aid i...
persistent xss through svg file attachment download
The fix for CONF-22132 was not sufficient because "svg" files are not "said" to be xml by the isXml method. This means that is possible for a malicious party to upload a svg file containing html/javascript which will be rendered in victim's web browser. This bug should have been raised a while ag...
Debian Security Advisory DSA 2365-1 (dtc)
The remote host is missing an update to dtc announced via advisory DSA 2365-1. OpenVAS Vulnerability Test $Id: deb23651.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2365-1 dtc Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian DSA-2365-1 : dtc - several vulnerabilities
Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services : - CVE-2011-3195 A possible shell insertion has been found in the mailing list handling. - CVE-2011-3196 Unix rights for the apache2.conf wer...
Adium 1.4.2 Cross Site Scripting
+-----------------------------------------------------------------------------+ | noptrix.net - Public Security Advisory | +-----------------------------------------------------------------------------+ Date: ----- 08/02/2011 Vendor: ------- Adium - http://www.adium.im/ Affected Software:...
Sethi Family Guestbook 3.1.8 - Cross-Site Scripting
Sethi Family Guestbook 3.1.8 - Cross-Site Scripting :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title = Sethi Family Guestbook XSS Vulnerabilities Author = Valentin Hoebel Contact = [email protected]...
Viart shopping cart 3.5 - Multiple Vulnerabilities
Viart shopping cart 3.5 - Multiple Vulnerabilities =============================================================== !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. ===============================================================...
Flatnuke 3 Cookie Grabber Exploit
titolo" name="name" type="text" / Immagine File -- "alert69%3B...
EV0104.txt
New eVuln Advisory: Skull-Splitter's PHP Guestbook XSS Vulnerability http://evuln.com/vulns/104/summary.html --------------------Summary---------------- eVuln ID: EV0104 CVE: CVE-2006-1256 Software: Skull-Splitter's PHP Guestbook Sowtware's Web Site: http://www.boysen.be/ Versions: 2.6 2.7 Critic...