190 matches found
Dell EMC RSA Archer Injection Vulnerability
Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An injection vulnerability exists in versions prior to Dell EMC RSA Arche...
CVE-2020-6210
SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting XSS vulnerability...
Polyshell - A Bash/Batch/PowerShell Polyglot!
PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell i.e. a polyglot. This makes PolyShell a useful template for penetration testing as it can be executed on most systems without the need for target-specific payloads. PolyShell is also specifically designed to ...
OSIsoft PI Vision Cross-Site Scripting Vulnerability
OSIsoft PI Vision is a set of commercialized software application platform based on Ckient/Server structure from OSIsoft, supporting data acquisition, analysis and visualization. A cross-site scripting vulnerability exists in OSIsoft PI Vision, which can be exploited by an attacker to cause the...
CVE-2020-0646
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'...
UBUNTU-CVE-2005-4890
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process...
WordPress zx-csv-upload plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in version 1 of the WordPress zx-csv-upload plugin. The vulnerability ste...
CVE-2019-3400
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the jql parameter...
Access Control Error Vulnerability in Multiple Medtronic Products
MyCareLink Monitor and others are products developed by Medtronic. An Access Control Error vulnerability exists in multiple Medtronic products that stems from a failure of the Conexus telemetry protocol to perform authorization or authentication, which could be exploited by an attacker to inject,...
ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket
It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...
HTTP response splitting attack in WEBrick
Allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick...
CVE-2017-15374
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...
E-Sic Software livre CMS - Cross Site Scripting
E-Sic Software livre CMS - Cross Site Scripting Exploit Title: E-Sic Software livre CMS - Cross Site Scripting Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox...
DEBIAN-CVE-2016-10124
An issue was discovered in Linux Containers LXC before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container...
policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox...
Multiple Lenovo products remotely vulnerable
Lenovo Wireless Mouse Black and others are among the products in the wireless desktop kit that includes a mouse and keyboard from the Chinese company Lenovo. A remote security vulnerability exists in several Lenovo products, which can be exploited by an attacker to inject keyboard input via the...
CVE-2016-6257
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...
CVE-2016-6257
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...
WordPress Cross-Site Scripting Vulnerability (CNVD-2015-05009)
WordPress is a blogging platform developed using the PHP language. Versions of Wordpress prior to 4.2.3 have a cross-site scripting vulnerability in the implementation that allows users with Contributor or Author privileges to exploit this vulnerability to embed well-constructed HTML, JavaScript,...
Vimeo: Application XSS filter function Bypass may allow Multiple stored XSS
Hi, As i analysed the application behavior and the security structure, i found out that the application is using "Greedy XSS Regex filter" against XSS and removes any the whole string from ''. So i tried some basic bypass which allowed me to insert tags and other characters into the string. Here ...