3245 matches found
SQL Injection
phpMyAdmin is vulnerable to SQL injection. The vulnerability is possible because it allows the attacker to inject malicious SQL scripts via the username in the designer feature...
Lapis Reviews plugin has XSS vulnerability
Lai Bili Comments Plugin is a comment management plugin that uses social networking site accounts to log in, eliminating the registration process and increasing users' willingness to engage and communicate. An XSS vulnerability exists in Lai Bili Comment Plugin, which can be exploited by attacker...
Vanco website builder system has XSS vulnerability
Guangzhou Vanke Internet Technology Co., Ltd. (Vanke for short) is an innovative enterprise that specializes in providing Internet marketing services for small and medium-sized enterprises (SMEs). An XSS vulnerability exists in the Vanke website builder system, which can be exploited by attackers to...
CVE-2018-20560
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the showname parameter...
Cryptocurrency mining machine propagating via Elasticsearch vulnerability - vulnerability warning - the black bar safety net
Elasticsearch is a search server based on Lucene. It provides a distributed, multi-user full-text search engine with a RESTful web interface. Elasticsearch is developed in Java and released as open source under the terms of the Apache license, and is the current popular...
Browlock flies under the radar with complete obfuscation
Browlocks are the main driving force behind tech support scams, using a combination of malvertising and clever browser locker tricks to fool users. In fact, the effects can be so convincing that people call the rogue Microsoft support number for help because they believe their computer has been...
Cross site scripting
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
CVE-2018-18517 - Cross-Site Scripting Vulnerability in Citrix NetScaler
Description of Problem: A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition, and Citrix ADC, formerly known as NetScaler ADC, that if exploited by an attacker with access to the NetScaler administrative...
CVE-2018-1246
Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to Unisphere, which is then reflected back to the...
CVE-2018-17369
An issue was discovered in springbootauthority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter...
Wolf CMS Cross-Site Scripting Vulnerability (CNVD-2018-15770)
Wolf CMS is a PHP-based open source content management system (CMS) developed by the Wolf CMS team. The system provides user interface, templates, user management, rights management and other functions. A cross-site scripting vulnerability exists in the Snippets tag in Wolf CMS version 0.8.3....
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
Cross site scripting
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
MGASA-2018-0313 Updated mailman packages fix security vulnerability
It was discovered that mailman versions prior to 2.1.27 contained a vulnerability where malicious list owners could inject evil scripts into listinfo pages (CVE-2018-0618)...
CVE-2018-7786
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross-site scripting (XSS) vulnerability exists which could allow injection of malicious scripts...
Firewall and Privatizing Proxy: macOS Fortress
macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as blocks ads, malicious...
PayPal (Notify) - Bypass & Persistent Web Vulnerability
Document Title: PayPal Notify - Bypass & Persistent Web Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1640; Video: http://www.vulnerability-lab.com/getcontent.php?id=1639; Release Date: 2018-06-21; Vulnerability...
Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities (CVE-2016-1000220, CVE-2017-11479)
Summary: IBM Security Guardium Big Data Intelligence (SonarG) has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2017-11479 DESCRIPTION: Elastic Kibana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input in Timelion. A remote attacke...
Schneider Electric U.motion Builder Cross-Site Scripting Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric U.motion Builder, which allows attackers to exploit the vulnerability to inject malicious scripts and perform cross-site attacks...
CVE-2018-9186
A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions 4.0.0 to before 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP Referer header...