3245 matches found
Oracle Netbeans IDE 8.1 Directory Traversal Vulnerability
Exploit for php platform in category local exploits + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: =============== www.oracle.com Product:...
Oneblog 2.0 Cross Site Scripting
Exploit Title :----------------- : Oneblog v2.0 - postsnew.php - Stored XSS Author :------------------------ : Nassim Asrir Author Company :------------------------ : HenceForth Author Email :------------------------ : [email protected] Google Dork :---------------- : - Date...
File Upload Vulnerability in X6CMS System
X6CMS, fully known as Xiaoliu Website Content Management System, is a fully functional marketing website management platform. X6CMS system has a file upload vulnerability, which can directly upload malicious script files to control the server...
BSNL Teracom Router Firmware Rewrite / Link Modification
Multiple Vulnerabilities in TERACOM ROUTER Author: Ajay Gowtham aka AJOXR Contact: gowtham.ajay5 at gmail.com Vulnerability Type: Insecure Upload File Permissions Affected Module: Upload Functionality Criticality: Medium Device Model: BSNL Teracom T2-B-Gawv1.4U10Y-BI is WiFi enabled ADSL2+...
OpenAM Cross-Site Scripting Vulnerability
ForgeRock is an enterprise identity management platform. A cross-site scripting vulnerability exists in ForgeRock OpenAM, which allows attackers to exploit the vulnerability to execute malicious scripts...
BlackBerry Enterprise Service Cross-Site Scripting Vulnerability (CNVD-2016-02335)
BlackBerry Enterprise Server is a wireless solution. The solution provides a unified architecture for mobile devices to access enterprise applications and wireless email communications. A cross-site scripting vulnerability exists in BlackBerry Enterprise Server, which allows remote attackers to...
Anti-Malware Security & Brute-Force Firewall <= 4.15.42 - XSS & CSRF
The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by an XSS & CSRF security vulnerability. XSS vulnerability in https://wordpress.org/plugins/gotmls/ has been identified. While I scan a site with that plugin, I had a file '".png and it was skipped, but result was...
CVE-2016-2165 Loggregator Request URL Paths | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation, VMware Cloud Foundry Versions Affected cf-release v231 and lower Description The Loggregator Traffic Controller endpoints are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow maliciou...
Multiple XSS vulnerabilities.
PMASA-2016-12 Announcement-ID: PMASA-2016-12 Date: 2016-02-25 Summary Multiple XSS vulnerabilities. Description With a crafted table/column name it is possible to trigger an XSS attack in the database normalization page. With a crafted parameter it is possible to trigger an XSS attack in the...
Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features
Beware Comodo Users! Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns. First of all, make sure whether your default browser had been changed to "Chromodo" -- a free browser offered by Comodo Antivirus. If your head nod is...
IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2016-00680)
IBM WebSphere Portal is a suite of enterprise portal solutions. A cross-site scripting vulnerability exists in IBM WebSphere Portal, which allows remote attackers to exploit the vulnerability to inject malicious scripts that can steal the current user's authentication cookie when malicious data i...
Multiple Vulnerabilities in GCMS 2005 of Beijing Guangdu Qimin Information Technology Co. Ltd.
Speed Sword 2005 GCMS is a portal creation and management system that integrates content management system, multi-site management and page display. SQL injection and cross-site scripting vulnerabilities exist in GCMS. An attacker can exploit the vulnerabilities to obtain sensitive database...
pratique.fr XSS vulnerability
Open Bug Bounty ID: OBB-94148 Description| Value ---|--- Affected Website:| pratique.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
JSoup Cross-Site Scripting Vulnerability
JSoup is a Java HTML parser that can extract and manipulate data through DOM, CSS, and jQuery-like operations. Jsoup suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used t...
Drupal Ctools Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. ctools is one of the API modules used to improve the development experience. A cross-site scripting vulnerability exists in the Drupal Ctools module, which allows remote attackers to exploit the vulnerability to inject...
epigraf.su XSS vulnerability
Vulnerable URL: http://epigraf.su/search?a=0=%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3B%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1931551 Google Pagerank| 1 VIP...
IBM Security Network Protection Cross-Site Scripting Vulnerability
IBM Security Network Protection is a next-generation network intrusion prevention system. The system monitors application usage, website access and operation execution within the network to avoid attacks from malware, botnets and other threats. IBM Security Network Protection suffers from a...
(0Day) SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue lies in the ability to subvert th...
Opsview <= 4.6.2 - Multiple XSS Vulnerabilities
Exploit for php platform in category web applications Exploit title: Opsview 4.6.2 - Multiple XSS Date: 07-06-2015 Vendor homepage: www.opsview.com Version: 4.6.2 CVE: CVE-2015-4420 Author: Dolev Farhi @dolevf Tested On: Kali Linux + Windows 7 Details: -------- Opsview is a monitoring system base...
Multiple Cross-Site Scripting Vulnerabilities in concrete5
Concrete5 is an open source content management software. Multiple Concrete5 scripts fail to properly filter user-submitted input, allowing remote attackers to exploit vulnerabilities to inject malicious scripts or HTML code that can capture sensitive information or hijack user sessions when...