Backdoor found in Samsung Galaxy Devices, allows Hackers to remotely access/modify Data
Google’s Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components. Phone makers, including Samsung, ship their smartphones with a modified version of Android, with some pre-installed...
CVE-2013-6232
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page...
CVE-2014-2067
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...
(spacewalk-java): XSS in system.addNote XML-RPC call due to improper sanitization of note's subject and content
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call...
Microsoft Internet Explorer Version Detection
The remote Windows host contains Internet Explorer, a web browser created by Microsoft. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(72367); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/02/01"); script_xref(name:"IAVT",...
CVE-2014-0812
Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-0812
Joyful Note (KENT-WEB) is affected by a cross-site scripting (XSS) vulnerability in Joyful Note version 2.8 and earlier. The issue enables arbitrary script execution in the victim’s browser (via unspecified vectors) when using affected software. Root cause details in connected JVN records indicat...
Joyful Note vulnerable to cross-site scripting
Overview: Joyful Note from KENT-WEB is bulletin board software that lets a user upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Apply an update. Update to the lates...
JVN#30718178: Joyful Note vulnerable to cross-site scripting
Joyful Note from KENT-WEB is bulletin board software that lets a user upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Apply an update. Update to the latest version...
Network Time Protocol (NTP) Amplification Attacks
A vulnerability in the "monlist" feature of ntpd can allow remote attackers to cause a distributed denial-of-service (DDoS) attack via forged requests. US-CERT and the Canadian Cyber Incident Response Center (CCIRC) have both observed active use of this attack vector in recent DDoS attacks. US-CERT...
Wordpress Formcraft Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Wordpress formcraft Plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Google Dork : inurl:/wp-content/plugins/formcraft Software Link : www.wordpress.org Tested on: Windows , Linux Date: 2013/12/2 Exploit : S...
CVE-2013-6904
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
WordPress Plugin Formcraft - SQL Injection
WordPress Plugin Formcraft - SQL Injection Exploit Title : Wordpress formcraft Plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Google Dork : inurl:/wp-content/plugins/formcraft Software Link : www.wordpress.org Tested on: Windows , Linux Date: 2013/12/2 Exploit : Sql Injectio...
SAP NetWeaver Message Server – DoS
Application: SAP NetWeaver Message Server Versions Affected: SAP KERNEL 7.20 32BIT Vendor URL: http://www.sap.com Bugs: Improper Input Validation Exploits: PoC Reported: 10.07.2013 Vendor response: 11.07.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1773912 Author: George...
SAP CRM gwsync - XXE
Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1917054 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:N 5.0 Authors: Alexey Tyurin, Nikolay...
SAP CRM crm_flex_data - XXE
Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1909665 Authors: Alexey Tyurin, Nikolay Mescherin ERPScan Description...
SAP NetWeaver ECATT_DISPLAY_XMLSTRING_REMOTE - XXE
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.31, probably others Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 20.01.2015 Reference: SAP Security Note 2016638 Authors: Nikolay...