11 matches found
EUVD-2020-27462
Malware in sbrugna...
Forcepoint Email Security 安全漏洞
Forcepoint Email Security is a suite of email protection solutions from US-based Forcepoint. The product includes features such as spam filtering, malware detection, phishing protection, and protection against intrusion BEC attacks. A security vulnerability exists in Forcepoint Email Security 8.5...
GHSA-X428-565F-8XJ2 TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfigincludes is vulnerable to directory traversal leading to same scenarios as...
Seotoaster 3.2.0 Cross Site Scripting
Exploit Title: Seotoaster 3.2.0 - Stored XSS on Edit page properties Exploit Author: Hardik Solanki Vendor Homepage: https://www.seotoaster.com/ Software Link: https://crm-marketing-automation-platforms.seotoaster.com/ Version: 3.2.0 Tested on Windows 10 XSS ATTACK: Cross-site Scripting XSS is a...
Seotoaster 3.2.0 - Stored XSS on Edit page properties
Exploit Title: Seotoaster 3.2.0 - Stored XSS on Edit page properties Exploit Author: Hardik Solanki Vendor Homepage: https://www.seotoaster.com/ Software Link: https://crm-marketing-automation-platforms.seotoaster.com/ Version: 3.2.0 Tested on Windows 10 XSS ATTACK: Cross-site Scripting XSS is a...
SAP BusinessObjects Business Intelligence Platform Information Disclosure Vulnerability (CNVD-2020-62466)
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. An information disclosure vulnerability exists in SAP Business Object...
Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfigincludes is vulnerable to directory traversal leading to same scenarios as...
Page Properties Report showing restricted items
Pages using the Page Properties control that are restricted, still display in a page with the Page Properties Report control when they should not. To clarify: A page with the Page Properties Report control that is unrestricted, shows all of the relevant pages within it. However a few of the pages...
Page Properties Report showing restricted items
Pages using the Page Properties control that are restricted, still display in a page with the Page Properties Report control when they should not. To clarify: A page with the Page Properties Report control that is unrestricted, shows all of the relevant pages within it. However a few of the pages...
Page Properties Report showing restricted items
Pages using the Page Properties control that are restricted, still display in a page with the Page Properties Report control when they should not. To clarify: A page with the Page Properties Report control that is unrestricted, shows all of the relevant pages within it. However a few of the pages...
Code injection
Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks...