CVE-2016-7146

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...

UBUNTU-CVE-2016-7148

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...

Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution (Metasploit)

require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit

This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...

IBM TRIRIGA Application Platform Cross-Site Scripting Vulnerability

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...

Brave Software: invalid homepage URL causes 'uncaught typeerror' or blank state

Summary: The issue is when you set the homepage as https://brave.com;https://google.com.vn and then change the setting to launch brave with homepage Products affected: Tested on windows7 x64 + BraveSetup-ia32 Steps To Reproduce: 1.go to Settings - General, inject to "My home page is":...

Cross-site scripting (XSS) vulnerability in China Mobile 139 Mailbox PC V2.5.1

139 Mailbox for PC is a general-purpose mailbox client launched by China Mobile. A cross-site scripting XSS vulnerability exists in China Mobile 139 Mailbox PC V2.5.1. An attacker exploiting the vulnerability can insert malicious js code into the page to obtain user cookies and other information,...

Cross-site Scripting Vulnerability in EaseUS Content Management System

EECO Content Management System is a marketing enterprise website system developed based on SEO-friendliness. There is an XSS cross-site scripting vulnerability in EE Content Management System. The vulnerability file is comment.php, due to the safecheck function is not filtered completely, the...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-08265)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

IBM Security Privileged Identity Manager Virtual Appliance Cross-Site Scripting Vulnerability

IBM Security Privileged Identity Manager is an identity management product within the IBM Identity Governance and Management solution that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security. IBM Security Privileged Identity...

WiFi-Pumpkin v0.8.1 - Framework for Rogue Wi-Fi Access Point Attack

Framework for Rogue Wi-Fi Access Point Attack Description WiFi-Pumpkin is a open source security tool that provides the Rogue access point to Man-In-The-Middle and network attacks. Installation Kali 2.0/WifiSlax 4.11.1/Parrot 3.0.1/2.0.5 Python 2.7 git clone...

Multiple stored cross-site scripting vulnerabilities in PHPCMS

PHPCMS is an open source website management software.PHPCMS V9 V9 for short uses PHP5+MYSQL as the technical basis for development. The latest version of PHPCMS has multiple stored cross-site scripting vulnerabilities that can be exploited by attackers to inject arbitrary JavaScript code into the...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06697)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06650)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06647)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06537)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

Cygnus Ease Mail Client - Address Book Cross-Site Scripting Vulnerability

Cygnus EaseMail Client is a professional e-mail client software for sending, receiving and managing e-mails, supporting the import of certificates and encrypted sending. The Cygnus Mail client is vulnerable to a cross-site scripting vulnerability. Allows an attacker to insert malicious js code in...

Adobe Brackets Cross-site Scripting and Unspecified Vulnerabilities - Mac OS X

Adobe Brackets is prone to cross-site scripting and an unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Adobe Brackets Cross-site Scripting and Unspecified Vulnerabilities - Windows

Adobe Brackets is prone to cross-site scripting and an unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

APSB16-20 Security update available for Adobe Brackets

Adobe has released a security update for Adobe Brackets for Windows, Macintosh and Linux. This update resolves a JavaScript injection vulnerability CVE-2016-4164 and a vulnerability in the extension manager CVE-2016-4165. Adobe recommends users update their product installation using the...