3251 matches found
Drupal Ctools Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. ctools is one of the API modules used to improve the development experience. A cross-site scripting vulnerability exists in the Drupal Ctools module, which allows remote attackers to exploit the vulnerability to inject...
epigraf.su XSS vulnerability
Vulnerable URL: http://epigraf.su/search?a=0=%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3B%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1931551 Google Pagerank| 1 VIP...
IBM Security Network Protection Cross-Site Scripting Vulnerability
IBM Security Network Protection is a next-generation network intrusion prevention system. The system monitors application usage, website access and operation execution within the network to avoid attacks from malware, botnets and other threats. IBM Security Network Protection suffers from a...
(0Day) SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue lies in the ability to subvert th...
Opsview <= 4.6.2 - Multiple XSS Vulnerabilities
Exploit for php platform in category web applications Exploit title: Opsview 4.6.2 - Multiple XSS Date: 07-06-2015 Vendor homepage: www.opsview.com Version: 4.6.2 CVE: CVE-2015-4420 Author: Dolev Farhi @dolevf Tested On: Kali Linux + Windows 7 Details: -------- Opsview is a monitoring system base...
Multiple Scripting Cross-Site Scripting Vulnerabilities in concrete5
Concrete5 is an open source content management software. Multiple Concrete5 scripts fail to properly filter user-submitted input, allowing remote attackers to exploit vulnerabilities to inject malicious scripts or HTML code that can capture sensitive information or hijack user sessions when...
WordPress Get Off Malicious Scripts Plugin <= 4.15.17 - Reflected XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
AlienVault OSSIM NBE import hostname/IP cross-site scripting vulnerability
AlienVault OSSIM or Open Source Security Information Management is a popular open source security management system. AlienVault OSSIM handles NBE imported hostname/ip with a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious scripts or...
Multiple Cross-Site Scripting Vulnerabilities in Cisco Finesse Server
Cisco Finesse Server is an agent and management desktop developed by Cisco. Cisco Finesse Server has multiple cross-site scripting vulnerabilities that can be exploited by remote attackers to inject malicious script or HTML code that can be used to gain access to sensitive information or hijack...
shop.megaheinz.com XSS vulnerability
Open Bug Bounty ID: OBB-58133 Description| Value ---|--- Affected Website:| shop.megaheinz.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
Cross-site Scripting Vulnerability in Hitachi IT Operations Analyzer
Overview A cross-site scripting vulnerability was found in the online help of Hitachi IT Operations Analyzer. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasur...
Cross-site Scripting Vulnerability in Hitachi Command Suite Products
Overview The online help of Hitachi Command Suite Products contains a cross-site scripting vulnerability. Impact A remote attacker can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
SolarWinds Storage Manager AuthenticationFilter Authentication Bypass
An authentication bypass vulnerability exists in SolarWinds Storage Manager. The vulnerability is due to a flaw within the AuthenticationFilter class. A remote unauthenticated attacker could exploit this vulnerability by bypassing the authentication filter and uploading malicious scripts to the...
Security Advisory-XSS Security Vulnerability on Huawei E355
Huawei E355 portable 3G wireless routers have the stored cross-site scripting XSS vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. Vulnerability ID: HWPSIRT-2014-0516 The CVE No. of the...
SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue lies in the ability to subvert th...
Security Advisory-CSRF Vulnerability in Huawei HiLink Products
Several Huawei HiLink products have the CSRF Vulnerability. When users use these devices to visit websites that contain malicious scripts, the malicious scripts can exploit the vulnerability to change the configurations or use the functions of products. Vulnerability ID: HWPSIRT-2014-0243 This...
Inktomi Traffic Server 4.0/5.x Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7596/info Inktomi Traffic Server is prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of input passed to the proxy, which will be echoed back in error pages under some circumstances. ...
PHPay 2.2 Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7310/info It has been reported that user-supplied input to phPay is not sufficiently sanitized. This lack of sanitization provides an opportunity for an attacker to launch cross-site scripting attacks. It is possible for ...
Winn Guestbook 2.4.8c - Stored XSS Vulnerability
No description provided by source. Exploit Title: Winn Guestbook v2.4.8c Stored XSS Date: 12/29/11 Author: G13 Software Link: http://code.google.com/p/winn-guestbook/, http://www.winn.ws Version: 2.4.8c Category: webapps php CVE: 2011-5026 Vulnerability There is no sanitation on the input of the...
ASPPlayground.NET 3.2 SR1 Remote Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14070/info ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability. Exploiting this issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly execute the script...