Collectd-Web 0.4.0 Cross Site Scripting
Title: Collectd-web XSS Exploit Title: XSS Vulnerability in Collectd-web Date: Sun May 22 11:55:36 EDT 2016 Reported Date: Sun May 22 11:55:36 EDT 2016 Vendor Homepage: https://collectd.org/wiki/index.php/Collectd-web Version: 0.4.0 Software Link: https://github.com/httpdss/collectd-w...
Uber: DOM based XSS on
Possible remote code execution via DOM-based XSS. jQuery param: var strliID = jQuery(location).attr('hash'); Target: logged-in admin. Go to URL https://drive.uber.com/melbourne/wp-admin/admin.php?page=Optionsgallerystyles" Solution: Upgrade to the latest version of the gallery plugin. Your version v1.9.55 Test my localhos...
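The sink named in the report above, jQuery(location).attr('hash') handed back into jQuery(...), is exploitable when jQuery parses the URL fragment as HTML rather than as an id selector. The block below is an added example written for this page, not code from the Uber report or from the gallery plugin: it reproduces the argument-classification regexes of jQuery as I read them from its source (before 1.6.3, 1.6.3 through 1.8, and 1.9 onwards; check them against the copy actually shipped), runs a constructed attacker fragment through each, and shows an id-validation routine that never passes the fragment to jQuery at all. The function names and the simulated location object are assumptions.

```javascript
// Added example, not part of the original report or plugin.
// How jQuery(str) decides whether a string is HTML or a selector, and why
// jQuery(location.hash) was a DOM XSS sink on older jQuery releases.

// Regexes as read from jQuery's source; labelled by the release range in
// which I believe each shipped (assumption, verify against your copy).
const QUICK_EXPR = {
  // Before 1.6.3: HTML is accepted anywhere after a run of non-"<" chars,
  // so "#<img ...>" (a URL fragment) is treated as HTML.
  'pre-1.6.3': /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,
  // 1.6.3 to 1.8: a leading "#" no longer qualifies, but "x<img ...>" still does.
  '1.6.3-1.8': /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,
  // 1.9+: HTML must start with "<" (after optional whitespace).
  '1.9+': /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,
};

// Classify what jQuery(str) would do with a string argument:
// "html"     - creates DOM nodes (onerror/script handlers run: XSS)
// "id"       - plain id lookup
// "selector" - passed to the selector engine (no node creation)
function classifyJqueryArgument(str, version = '1.9+') {
  const re = QUICK_EXPR[version];
  if (!re) throw new Error('unknown jQuery version label: ' + version);
  const m = re.exec(str);
  if (m && m[1] !== undefined) return 'html';
  if (m && m[2] !== undefined) return 'id';
  return 'selector';
}

// The vulnerable pattern from the report: the fragment is read with
// jQuery(location).attr('hash') and later used as a jQuery argument.
// `location` is a simulated object here (assumption: {hash: "..."}).
function vulnerableFragmentUse(location, version) {
  const strliID = location.hash; // what jQuery(location).attr('hash') returns
  return classifyJqueryArgument(strliID, version);
}

// Hardened replacement: accept only a syntactically valid id token and
// return it for document.getElementById(); never feed the raw fragment
// to jQuery() as HTML or as a selector.
const SAFE_ID = /^#([A-Za-z][\w-]*)$/;
function safeIdFromHash(hash) {
  const m = SAFE_ID.exec(hash);
  return m ? m[1] : null;
}

// Constructed sample input: an attacker-supplied URL fragment.
const ATTACKER_LOCATION = { hash: '#<img src=x onerror=alert(1)>' };

function demo() {
  const out = {};
  for (const v of Object.keys(QUICK_EXPR)) {
    out[v] = vulnerableFragmentUse(ATTACKER_LOCATION, v);
  }
  out.hardened = safeIdFromHash(ATTACKER_LOCATION.hash);
  return out; // { 'pre-1.6.3': 'html', '1.6.3-1.8': 'selector', '1.9+': 'selector', hardened: null }
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Note that "selector" on newer jQuery means the fragment reaches the selector engine, which throws a syntax error on the sample above rather than creating nodes; that is why the same page can be safe on one jQuery build and exploitable on another, and why the fix is to validate the fragment, not to rely on the library version.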
Allfresco Community Edition: source code security analysis report
Several vulnerabilities were discovered in Alfresco Software 'Allfresco Community Edition' software: Leakage of user data between sessions; Use of XSL transformation for arbitrary code execution; Use of the finalize method; Missing digital signature verification of executable...
JSN PowerAdmin extension for Joomla!: source code security analysis report
Several vulnerabilities were discovered in JoomlaShine 'JSN PowerAdmin extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when...
Wordpress-jQuery Html5 Plugin File Browsing Vulnerability
WordPress is a blogging platform written in PHP and maintained by the WordPress Foundation. A file browsing vulnerability in the Wordpress-jQuery Html5 plugin allows attackers to obtain sensitive information...
WordPress CMS: source code security analysis report
Several vulnerabilities were discovered in Wordpress Foundation 'WordPress CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect User...
IPFire 2.19 Core Update 101 - Remote Command Execution
IPFire 2.19 Core Update 101 - Remote Command Execution Exploit Title: IPFire 2.19 Update Core 101 XSS to CSRF to Remote Command Execution Date: 04/05/2016 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ipfire.org Version: < 2.19 Core Update 101 Category: Remote Comman...
WordPress jQuery Html5 File Upload Plugin Arbitrary File Upload
An Arbitrary File Upload vulnerability exists in WordPress jQuery Html5 File Upload Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Joomla!: source code security analysis report
Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML...
Fedora 22 : drupal7-jquery_update-2.6-1.fc22 (2015-3abe019550)
See jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-123 Changes since 7.x-2.5 3 commits: Updating overlay code to match core Issue 2466329 by hanoii: Update 1.7 to 1.7.2 Issue 1546668 by sergey.semashko, RobLoach: Update to jQuery 1.8.3 Note that Tenable Network Security has...
Fedora 23 : drupal7-jquery_update-2.6-1.fc23 (2015-1f4cde17c4)
See jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-123 Changes since 7.x-2.5 3 commits: Updating overlay code to match core Issue 2466329 by hanoii: Update 1.7 to 1.7.2 Issue 1546668 by sergey.semashko, RobLoach: Update to jQuery 1.8.3 Note that Tenable Network Security has...
Fedora 21 : drupal7-jquery_update-2.6-1.fc21 (2015-bb714cae5f)
See jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-123 Changes since 7.x-2.5 3 commits: Updating overlay code to match core Issue 2466329 by hanoii: Update 1.7 to 1.7.2 Issue 1546668 by sergey.semashko, RobLoach: Update to jQuery 1.8.3 Note that Tenable Network Security has...
X (Formerly Twitter): DOMXSS in Tweetdeck
Hi, I would like to report a DOMXSS issue in TweetDeck. Details In TweetDeck, a tweet contains info about which client app the user used to send the tweet. The render process is vulnerable to DOMXSS. In https://ton.twimg.com/tweetdeck-web/web/dist/bundle.6f91b4e832.js, the following line is responsib...
jQuery Suspicious URL Redirection (CVE-2018-18084)
A suspicious URL redirection to a possibly malicious jQuery domain has been encountered. By injecting JavaScript code, an attacker may redirect the user to an attacker-controlled website...
Ruby on Rails jquery-ujs and jquery-rails Security Bypass Vulnerability
Impact In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who...
BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities
Exploit for PHP platform in category web applications Product : BK Mobile CMS Exploit Author : Rahul Pratap Singh Version : 2.4 Home page Link : http://codecanyon.net/item/jquery-mobile-website-with-full-admin-panel/2441358 Website : 0x62626262.wordpress.com Linkedin :...
BK Mobile CMS 2.4 Cross Site Scripting
FULL DISCLOSURE Product : BK Mobile CMS Exploit Author : Rahul Pratap Singh Version : 2.4 Home page Link : http://codecanyon.net/item/jquery-mobile-website-with-full-admin-panel/2441358 Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 27/Jan/2016...
PHPIPAM 1.1.010 - Multiple Vulnerabilities
PHPIPAM 1.1.010 - Multiple Vulnerabilities Exploit Title: PHPIPAM v1.1.010 Multiple Vulnerabilities Date: 04/01/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: http://phpipam.net/ Version: 1.1.010 Category: Multiple Vulnerabilities Tested on : 1.1.010 PHPIPAM description :...
Pinger Remote Code Execution
================================================================================ Pinger - Simple Pinging Webapp Remote Code Execution ================================================================================ Vendor Homepage: https://github.com/wcchandler/pinger Date: 17/12/2015 Software...
EvolutionScript 5.0 SQL Injection / Cross Site Scripting
EvolutionScript v5.0 Multiple Vulnerabilities ========================================= Author : indoushka Vendor : http://EvolutionScript.com Dork : Powered by EvolutionScript Version 5.0 Copyright © 2010 - 2015 EvolutionScript.com ========================= SQL injection :...