CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

Adobe RoboHelp for Windows Cross-Site Scripting Code Vulnerability

Adobe RoboHelp for Windows is a set of professional authoring tools for the Windows-based platform. Adobe RoboHelp for Windows suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to...

Huawei Vicky-AL00A Mailbox APP suffers from stored XSS vulnerability

The Huawei Vicky-AL00A is a smartphone device from the Chinese company Huawei Huawei. The Huawei Vicky-AL00A Mailbox APP suffers from a stored XSS vulnerability, which can be exploited by a remote attacker to send emails with malicious code due to a lack of sufficient validation of the parameters...

Elasticsearch Kibana Cross-Site Scripting Vulnerability (CNVD-2017-15523)

Elasticsearch Kibana is a suite of open source, browser-based tools for analyzing and searching Elasticsearch dashboards. A cross-site scripting vulnerability exists in Elasticsearch Kibana, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which...

PT-2017-16178 · Mcafee · Mcafee Network Data Loss Prevention

Name of the Vulnerable Software and Affected Versions: McAfee Network Data Loss Prevention NDLP versions 9.3.x Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via HTTP response headers. This can be exploited by injecting malicious code into the HTTP...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2016-12550)

Cisco Identity Services Engine is a conversion-generating technology that provides a unified access path and policy path for network users and devices. A cross-site scripting vulnerability exists in Cisco Identity Services Engine, which allows remote attackers to exploit the vulnerability to inje...

Let's PHP! Frame high-speed chat cross-site scripting vulnerability

Let's PHP! Frame high-speed chat is a chat system from Let's PHP! Let's PHP! Frame high-speed chat suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user...

Apple OS X Address Book Handling Vulnerability

Apple OS X is an operating system developed by Apple Inc. A security vulnerability in the Apple OS X address book handling environment variable allows local users to exploit the vulnerability to inject arbitrary code into the jinx to load the address book architecture...

Multiple Websense Product Cross-Site Scripting Vulnerabilities

Websense TRITON is the Unified Content Architecture for data security. A cross-site scripting vulnerability in Investigative Reports in multiple Websense TRITON products allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access ...

linux/x86 Search For php,html Writable Files and Add Your Code

; Title : Linux/x86 Search php,html writable files and add your code. ; Date : 2011-10-24 ; Author: rigan - imrigan sobachka gmail.com ; Size : 380 bytes + your code. ; ; Note : This shellcode writes down your code in the end of ; found files. Your code will be added only .html and .php ; files...

Custom shortcuts can pass the wrong parameters to applications

Custom shortcut and menu commands can be used to activate external applications. In some cases, the parameters passed to these applications are not prepared correctly, and may be created from uninitialized memory. These may be misinterpreted as additional parameters, and depending on the...