CVE-2016-2165
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 and 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...
Moxa AWK-3131A Wireless Access Point Cross-Site Scripting Vulnerability
Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa, China. Web Application is one of the web application modules. A cross-site scripting vulnerability exists in the Web Application feature of the Moxa AWK-3131A Wireless Access Point with firmware version 1.1. A remote attacker can...
Exploit Kit Activity Quiets, But is Far From Silent
Over the past six months, the roar of exploit kits has quieted to a whimper. But that doesn’t mean exploit kit threats are nonexistent. According to security experts, gangs behind them are regrouping, tweaking code and finding fresh software exploits to target. Here are the exploit kits and explo...
Cross site scripting
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause malicious scripts to be executed by a victim...
CVE-2016-8719
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause malicious scripts to be executed by a victim...
CVE-2016-8789
Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS...
CVE-2016-6343
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users who have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
Breaking down a notably sophisticated tech support scam M.O.
Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, New tech support scam launches communication or phone call app. The cornerstone of tech support sca...
132 Google Play Apps Booted For Having Malicious IFrames
Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...
Valve Patches Trivial XSS Bug in Steam
Valve Corp. has patched a cross-site scripting vulnerability on its popular Steam gaming platform that could be exploited by viewing a maliciously crafted profile. The flaw could allow an attacker to carry out phishing attacks or execute malicious scripts just by opening a crafted profile page. ...
CVE-2017-5367
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...
UBUNTU-CVE-2017-5389
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user...
Acontent CMS Cross-Site Scripting Vulnerability
AContent is an eLearning content creation tool and library that supports importing, exporting, and producing IMS content packages. A cross-site scripting vulnerability exists in the newversion parameter of the install.php page in version 1.3 of AContent, which can be exploited by an attacker to...
Horos Cross-Site Scripting Vulnerability
Horos is a free, open source DICOM medical image viewer. A cross-site scripting vulnerability exists in Horos version 2.1.0, which can be exploited by attackers to steal cookie-based authentication or inject malicious scripts...
BackdoorMan - Toolkit That Helps You Find Malicious, Hidden And Suspicious PHP Scripts And Shells
An open source Python toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination; it automates the process of detecting the above. Purpose: The main purpose of BackdoorMan is to help web-masters and developers to discover malicious scripts in their...
WordPress Image Gallery Plugin HTML Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up a personal blog site on a PHP and MySQL server. Image Gallery is one of its image-processing plug-ins. WordPress Image Gallery version 1.9.65 has an HTML...
U.S. Dept Of Defense: Reflected cross-site scripting vulnerability on a DoD website
A cross-site scripting (XSS) vulnerability was found on a Department of Defense website. XSS vulnerabilities can be used to trick a web user into executing a malicious script, potentially revealing a user's web session information or modifying web content. @konduru-jashwanth was able to demonstrate this...
Arbitrary File Upload Vulnerability in ucms
UCMS is an open source content management system that can be used to develop various enterprise sites, article sites and site systems. A file upload vulnerability exists in the UCMS back-end file management system. Because the program does not check the uploaded file, attackers are allowed to explo...
contribute.theguardian.com XSS vulnerability
Vulnerable URL: https://contribute.theguardian.com/eu?INTCMP="%3E%3Csvg onload=alert'OPENBUGBOUNTY'%3E//
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP...