
1007 matches found

Zero Science Lab
added 2015/09/26 12:0 a.m. | 28 views

Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability

Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description: Centreon suffers from a stored XSS vulnerability. Input passed thru the POST parameter 'imgcomment' is not...

AI score: 6
Exploits: 0
Packet Storm
added 2015/09/25 12:0 a.m. | 33 views

4images 1.7.11 Cross Site Scripting

MGC ALERT 2015-001 - Original release date: September 08, 2015 - Last revised: September 24, 2015 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score. I. VULNERABILITY...

AI score: 0.1
Exploits: 0
Hacker One
added 2015/09/07 1:43 p.m. | 13 views

Vimeo: XSS on vimeo.com/home after other user follows you

Description: If some user follows you on Vimeo, the Name of the user appears in the header of your Home like "Name followed you. The staff posted...". The problem is that the Name is not escaped, which allows to insert HTML code. Proof of concept: 1. Using the attacker's account, go to...

AI score: 0.7
Exploits: 0
Patchstack
added 2015/08/19 12:0 a.m. | 10 views

WordPress JW Player Plugin <= 2.1.14 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Upgrade this plugin...

AI score: 1.9
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2015/08/17 12:0 a.m. | 37 views

Microsoft Windows HTA Remote Code Execution

!/usr/bin/php poc'."\n\n"; $reza = socketcreateAFINET, SOCKSTREAM, 0 or die'Failed to create socket!'; socketbind$reza, 0,$port; socketlisten$reza; $msgd = "\x3c\x68\x74\x6d\x6c\x3e\x0d\x0a\x3c\x6d\x65\x74\x61\x20\x68\x74\x74\x70\x2d\x65\x71\x75\x69\x76"...

CVSS: 9.3 | AI score: 0.2 | EPSS: 0.94094
Exploits: 39
Mozilla
added 2015/08/06 12:0 a.m. | 26 views

Remote HTML tag injection in Gaia System app — Mozilla

Security researcher Muneaki Nishimura reported an issue with Gaia's System app which allows an attacker to inject HTML code into the System app's context via specially-crafted search links. The injection occurs when the user opens such malicious link in the browser and then presses the HOME butto...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00322
Exploits: 0 | References: 2 | Affected Software: 1
htbridge
added 2015/07/29 12:0 a.m. | 511 views

Reflected Cross-Site Scripting (XSS) in iTop

High-Tech Bridge Security Research Lab discovered vulnerability in iTop, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users. iTop is a critical application, which is used to cover the entire set of ITIL processes. Successful attack on this web...

CVSS: 4.3 | AI score: 0.1 | EPSS: 0.27671
Exploits: 3 | Affected Software: 1
myhack58
added 2015/05/18 12:0 a.m. | 18 views

The system allows the upload of the xml file may lead to xss-vulnerability warning-the black bar safety net

the xml file may contain an xml-stylesheet tag is used to specify an xsl file to the xml file format and output. In the xsl output of the process, you can output any html code, including the script tag.... That you can bomb alert. However, the xml formatted script permissions is relatively small, ma...

AI score: 7.2
Exploits: 0
Patchstack
added 2015/05/15 12:0 a.m. | 9 views

WordPress BP Gallery Plugin <= 1.2.5 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Upgrade the plugin...

AI score: 1.7
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2015/05/15 12:0 a.m. | 8 views

WordPress Link Library Plugin <= 5.0.8 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Vulnerable parameter "id". Solution Update the plugin...

AI score: 2.3
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2015/05/15 12:0 a.m. | 6 views

WordPress External Video For Everybody Plugin <= 2.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...

AI score: 2.3
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2015/04/27 12:0 a.m. | 24 views

Hotspot Express hotEx Billing Manager <= 73 Multiple Vulnerabilities - Active Check

Hotspot Express hotEx Billing Manager is prone to multiple vulnerabilities.

CVSS: 5 | AI score: 6.5 | EPSS: 0.00388
Exploits: 2 | References: 3
OpenVAS
added 2015/04/09 12:0 a.m. | 13 views

Balero CMS Multiple Vulnerabilities

Balero CMS is prone to multiple vulnerabilities.

AI score: 7.3
Exploits: 0 | References: 4
Tenable Nessus
added 2015/03/26 12:0 a.m. | 32 views

Debian DLA-68-1 : fex security update

CVE-2014-3875 When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website. CVE-2014-3876 The parameter akey is reflected unfiltered as part of the HTML page. Some characters are forbidd...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00789
Exploits: 5 | References: 5
Check Point Advisories
added 2015/03/26 12:0 a.m. | 3 views

Microsoft Internet Explorer EUC-JP Character Encoding Cross Site Scripting - Ver2 (CVE-2013-3192)

A universal cross site scripting vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way that IE handles EUC-JP character encoding. A remote attacker could exploit this vulnerability by submitting specially crafted HTML code into a target web site that uses EUC-JP...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.18187
Exploits: 0
Kitploit
added 2015/03/11 3:30 p.m. | 21 views

XSSYA v2.0 - Cross Site Scripting Scanner & Vulnerability Confirmation

XSSYA Cross Site Scripting Scanner & Vulnerability Confirmation written in python scripting language confirm the XSS Vulnerability in two method first work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn...

AI score: 6.2
Exploits: 0 | References: 1
OpenVAS
added 2015/03/06 12:0 a.m. | 76 views

Visualware MyConnection Server <= 8.2b Multiple XSS Vulnerabilities

Visualware MyConnection Server is prone to multiple cross-site scripting (XSS) vulnerabilities.

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00318
Exploits: 2 | References: 1
Hacker One
added 2015/03/05 11:34 a.m. | 26 views

X (Formerly Twitter): XSS in original referrer after follow

Hey hi, There is a XSS in the intent functionality , Steps to reproduce ======================= 1 copy paste the following Link https://twitter.com/intent/favorite/complete?tweetid=572435913768366080&alreadyfavorited=false&originalreferer=javascript:alert%281%29; 2 Click follow 3 now click return...

AI score: 6.6
Exploits: 0
Drupal
added 2015/02/18 12:0 a.m. | 15 views

SA-CONTRIB-2015-048 - Avatar Uploader - Arbitrary PHP code execution

Avatar Uploader module provides an alternative way to upload user pictures. The module doesn't sufficiently enforce file extensions when an avatar is uploaded, allowing users to bypass Drupal's normal file upload protections to install malicious HTML or executable code to the server. This...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00442
Exploits: 0 | References: 11
0day.today
added 2015/01/07 12:0 a.m. | 71 views

Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure Vulnerability

ADB BroadBand Pirelli ADSL2/2+ wireless router version P.DGA4001N suffers from multiple unauthenticated remote information disclosure vulnerabilities. - Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar - Author:...

CVSS: 9.4 | AI score: 0.3 | EPSS: 0.38604
Exploits: 6