19 matches found
Exploit for CVE-2025-65480
CVE-2025-65480: Remote Code Execution in Pacom Unison Client A...
CVE-2021-30975
This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox...
Cross-site Scripting (XSS) - Stored in apostrophecms/apostrophe
✍️ Description : An attacker could upload a specially crafted SVG image containing malicious scripting code. When following a link to this image, the code would be executed. 🕵️♂️ Proof of Concept : // PoC.js var payload = ... Link POC using Demo --...
Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2018-10430)
Microsoft Exchange Server is a set of e-mail service programs from Microsoft, which provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A power-up vulnerability exists in Microsoft Exchange Server, which stems from the program's failure to properly handle Web...
CVE-2017-1000236
I, Librarian version =4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
Cross site scripting
I, Librarian version =4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious...
Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled Malicious HTML Tags Embedded in Client Web Requests advisory attached in 'Credit' section. This advisory was a joint release by the CERT...
DotNetNuke CMS Cross Site Scripting
PR10-19 DotNetNuke CMS XSS Advisory publicly released: Friday, 3 December 2010 Vulnerability found: Saturday, 30 October 2010 Vendor informed: Monday, 1 November 2010 Severity level: Low/Medium Credits Richard Brain of ProCheckUp Ltd www.procheckup.com Description DotNetNuke is a Content Manageme...
DAZ Studio Arbitrary Command Execution
Exploit for unknown platform in category local exploits ====================================== DAZ Studio Arbitrary Command Execution ====================================== Title: DAZ Studio Arbitrary Command Execution CVE-ID: 2009-4148 OSVDB-ID: Author: Core Security Published: 2009-12-03...
ProCheckUp Security Advisory 2007.41
PR07-41: XSS on Juniper Networks Secure Access 2000 Vulnerability found: 6th December 2007 Vendor informed: 12th December 2007 Severity: Medium-high Description: Juniper Networks Secure Access 2000 is vulnerable to a vanilla XSS. Vulnerable server-side script: '/dana-na/auth/rdremediate.cgi'...
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script
PR07-14: Cross-site Scripting XSS / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script Date Found: 19th June 2007 Successfully tested on: version 5.5.2 F5 Networks has confirmed the following versions to be vulnerable: FirePass versions 5.4.1 - 5.5.2 FirePass...
PHPNews 1.3 - Link_Temp.php Cross-Site Scripting
PHPNews 1.3 - LinkTemp.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21404/info PHPNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Fairly serious vulnerability in vBulletin 2.2.0
This is my first report to bugtraq, I hope this is useful. This has been tested on vBulletin version 2.2.0. The vendor is CC'd on this message. I would imagine this applies to many products, not just the vbulletin, which I would like to say is more secure than most. ------------ The Exploit:...
Web-based email services filtering systems vulnerable to malicous script execution
Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript which can lead to...
CVE-2000-1105
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled...
Weblogic 3.1.84.0.44.5.1 - Remote Command Execution
Weblogic 3.1.84.0.44.5.1 - Remote Command Execution source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint...
Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution
source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint release by the CERT Coordination Center, DoD-CERT, t...
Microsoft Office 2000 Advisory
@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Advisory Advisory Name: Microsoft Office 2000 UA Control Scripting Release Date: 5-12-2000 Application: Microsoft Office 2000 Platform: Windows 95/98, NT 4.0 and 2000 Severity: Malicious active content can execute regardless o...