Lucene search

7655 matches found

Github Security Blog
added 2020/04/14 3:27 p.m., 63 views

Persistent Cross-Site scripting in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows XSS...

CVSS 4.8, AI score 2.4, EPSS 0.00918
Exploits 0, References 4, Affected Software 1

0day.today
added 2020/04/14 12:0 a.m., 22 views

WSO2 3.1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Software link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory:...

AI score 7.4
Exploits 0

Vulnerability Lab
added 2020/04/14 12:0 a.m., 65 views

SeedDMS v5.1.18 - Multiple Persistent Web Vulnerabilities

Document Title: SeedDMS v5.1.18 - Multiple Persistent Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2209 Release Date: 2020-04-14. Vulnerability Laboratory ID (VL-ID): ...

AI score 7.4
Exploits 0

BDU FSTEC
added 2020/04/14 12:0 a.m., 5 views

The vulnerability of Xen hypervisors arises from synchronization errors when using shared resources, allowing a malicious actor to cause service failures or increase their privileges.

The vulnerability of Xen hypervisors arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause service failures or increase their privileges by adding a device with persistent communication capabilities...

CVSS 7.8, AI score 6.8, EPSS 0.00259
Exploits 0, References 7, Affected Software 10

Vulnerability Lab
added 2020/04/13 12:0 a.m., 47 views

Macs Framework v1.14f CMS - Multiple Web Vulnerabilities

Document Title: Macs Framework v1.14f CMS - Multiple Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2206 Release Date: 2020-04-13. Vulnerability Laboratory ID (VL-ID): ...

AI score 7.4
Exploits 0

NVD
added 2020/04/09 1:15 p.m., 11 views

CVE-2020-11556

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent stored and reflected XSS vulnerabilities...

CVSS 5.4, AI score 5.4, EPSS 0.00557
Exploits 1, References 1

Cvelist
added 2020/04/09 12:31 p.m., 14 views

CVE-2020-11556

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent stored and reflected XSS vulnerabilities...

AI score 5.4, EPSS 0.00557
Exploits 1, References 1

RedhatCVE
added 2020/04/09 10:33 a.m., 17 views

CVE-2019-1003003

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...

CVSS 7.2, AI score 6, EPSS 0.01545
Exploits 0, References 4

Prion
added 2020/04/08 1:15 a.m., 13 views

Cross site scripting

A non-persistent XSS cross-site scripting vulnerability exists in eWON Flexy and Cosy all firmware versions prior to 14.1s0. An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can ...

CVSS 4.3, AI score 6, EPSS 0.00687
Exploits 0, References 1, Affected Software 2

Vulnerability Lab
added 2020/04/08 12:0 a.m., 42 views

DedeCMS v7.5 SP2 - Multiple Persistent Web Vulnerabilities

Document Title: DedeCMS v7.5 SP2 - Multiple Persistent Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2195 Release Date: 2020-04-08. Vulnerability Laboratory ID (VL-ID): ...

AI score 7.4
Exploits 0

Vulnerability Lab
added 2020/04/07 12:0 a.m., 235 views

DedeCMS v7.5 SP2 - Multiple Cross Site Web Vulnerabilities

Document Title: DedeCMS v7.5 SP2 - Multiple Cross Site Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2194 Release Date: 2020-04-07. Vulnerability Laboratory ID (VL-ID): ...

AI score 7.4
Exploits 0

Microsoft Secure
added 2020/04/06 4:0 p.m., 32 views

Turning collaboration and customer engagement up with a strong identity approach

In these challenging times, it’s even more apparent that modern companies are managing a blended workforce that encompasses not only their full-time staff and customers but also their contractors, consultants, subsidiaries, suppliers, partners, and soon-to-be customers. Balancing friction-less...

AI score 0.6
Exploits 0

0day.today
added 2020/04/06 12:0 a.m., 53 views

pfSense 2.4.4-P3 - (User Manager) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457...

AI score 5.9, EPSS 0.09282
Exploits 3

Exploit DB
added 2020/04/06 12:0 a.m., 333 views

LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting

Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...

CVSS 5.4, AI score 5.9, EPSS 0.70841
Exploits 4

Exploit DB
added 2020/04/06 12:0 a.m., 254 views

pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting

Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457 Vulnerability Details Description : A...

CVSS 5.4, AI score 5.6, EPSS 0.09282
Exploits 3

0day.today
added 2020/04/06 12:0 a.m., 45 views

LimeSurvey 4.1.11 - (Survey Groups) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE :...

CVSS 4.3, AI score 5.8, EPSS 0.70841
Exploits 4

Packet Storm
added 2020/04/06 12:0 a.m., 159 views

pfSense 2.4.4-P3 User Manager Cross Site Scripting

Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457 Vulnerability Details Description : A...

CVSS 3.5, AI score 5.6, EPSS 0.09282
Exploits 3

Packet Storm
added 2020/04/06 12:0 a.m., 181 views

Vanguard 2.1 Cross Site Scripting

Exploit Title: Vanguard 2.1 Multi XSS Vulnerabilities Google Dork: N/A Date: 2020-04-04 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975 Version: 2.1 Tested on: 5.4.0-4parrot1-amd64...

AI score 7
Exploits 0

Packet Storm
added 2020/04/06 12:0 a.m., 157 views

LimeSurvey 4.1.11 Cross Site Scripting

Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...

CVSS 4.3, EPSS 0.70841
Exploits 4

ThreatPost
added 2020/04/03 7:31 p.m., 69 views

Self-Propagating Malware Targets Thousands of Docker Ports Per Day

The Docker cloud containerization technology is under fire, with an organized, self-propagating cryptomining campaign targeting misconfigured open Docker Daemon API ports. Thousands of container-compromise attempts are being observed every day as part of the campaign, according to Gal Singer, a...

AI score 7.5
Exploits 0, References 12