7649 matches found

OSV
added 2019/12/16 7:30 p.m. | 27 views

GHSA-Q58G-455P-8VW9 In RubyGem excon, interrupted Persistent Connections May Leak Response Data

Impact: There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...

5.8 CVSS | 5.6 AI score | 0.014 EPSS
Exploits 0 | References 8

RubySec
added 2019/12/16 12:0 a.m. | 23 views

Race condition when using persistent connections

There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it...

5.9 CVSS | 6.7 AI score | 0.014 EPSS
Exploits 0 | References 1 | Affected Software 1

Carbon Black Blog
added 2019/12/13 5:31 p.m. | 85 views

VMware Carbon Black TAU Malware Analysis: Tofsee Botnet Resurfaces

Tofsee is a botnet which has not been reported on since the following analysis in September of 2016 by the Cert Polka team and Cisco Talos. This updated campaign employs new techniques in order to aggressively send large volumes of spam emails primarily targeting the adult dating scene. This new...

7.4 AI score
Exploits 0

Patchstack
added 2019/12/12 12:0 a.m. | 10 views

WordPress Superlist premium theme <= 2.9.2 - Persistent Cross-Site Scripting (XSS) vulnerability

Persistent Cross-Site Scripting (XSS) vulnerability found by SUBVΞRSΛ in WordPress Superlist premium theme versions <= 2.9.2. Solution: 12.12.2019 - we were unable to find a patched version of this theme...

1.7 AI score
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2019/12/09 12:0 a.m. | 2 views

SuperMicro X8STi-F Operating System Command Injection Vulnerability

The SuperMicro X8STi-F is a computer motherboard from SuperMicro USA. An operating system command injection vulnerability exists in the Virtual Media feature in the SuperMicro X8STi-F with IPMI firmware version 2.06 and BIOS version 02.68. An attacker can exploit this vulnerability to obtain a...

9 CVSS | 7.6 AI score | 0.19039 EPSS
Exploits 1 | References 1

Packet Storm
added 2019/12/09 12:0 a.m. | 119 views

Oracle Siebel Sales 8.1 Cross Site Scripting

Exploit Title : Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting Exploit Author : omurugur Software link: https://www.oracle.com/tr/applications/siebel/ Effective version : Oracle Siebel Sales 8.1 CVE: N/A Examples Request; POST /salesADMINtrk/start.swe HTTP/1.1 Content-Type:...

0.3 AI score
Exploits 0

Packet Storm
added 2019/12/09 12:0 a.m. | 81 views

Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting

Exploit Title: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://snipeitapp.com/ Software Link: https://github.com/snipe/snipe-it/releases/tag/v4.7.5 Version: 4.7.5 Category: Webapps Tested on: Xamp...

7.4 AI score
Exploits 0

Exploit DB
added 2019/12/09 12:0 a.m. | 426 views

Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Exploit Title: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://snipeitapp.com/ Software Link: https://github.com/snipe/snipe-it/releases/tag/v4.7.5 Version: 4.7.5 Category: Webapps Tested on: Xamp...

7.4 AI score
Exploits 0

Prion
added 2019/12/08 4:15 a.m. | 20 views

Command injection

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

9 CVSS | 8.8 AI score | 0.19039 EPSS
Exploits 1 | References 1 | Affected Software 2

Cvelist
added 2019/12/08 3:39 a.m. | 28 views

CVE-2019-19642

On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...

8.8 AI score | 0.19039 EPSS
Exploits 1 | References 1

exploitpack
added 2019/11/29 12:0 a.m. | 20 views

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link :...

6.8 AI score
Exploits 0

Packet Storm
added 2019/11/29 12:0 a.m. | 234 views

Online Inventory Manager 3.2 Cross Site Scripting

Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software : Online Inventory Manager Version : 3....

7.4 AI score
Exploits 0

WPVulnDB
added 2019/11/29 12:0 a.m. | 19 views

ListingPro < 2.0.14.5 - Reflected & Persistent Cross-Site Scripting

Reflected & Persistent XSS was discovered in the 'ListingPro - WordPress Directory Theme'. Current version is 2.0.14.2 August 9th 2019. Edit WPScanTeam: November 29th, 2019 - Envato Informed November 29th, 2019 - Envato Investigating December 4th, 2019 - v2.0.14.3 Released, fixing the reflected X...

4.3 CVSS | 5.3 AI score | 0.00934 EPSS
Exploits 4 | References 1 | Affected Software 1

Exploit DB
added 2019/11/29 12:0 a.m. | 915 views

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software : Online Inventory Manager Version : 3....

7 AI score
Exploits 0

wpexploit
added 2019/11/29 12:0 a.m. | 32 views

ListingPro < 2.0.14.5 - Reflected & Persistent Cross-Site Scripting

Reflected & Persistent XSS was discovered in the 'ListingPro - WordPress Directory Theme'. Current version is 2.0.14.2 August 9th 2019. Edit WPScanTeam: November 29th, 2019 - Envato Informed November 29th, 2019 - Envato Investigating December 4th, 2019 - v2.0.14.3 Released, fixing the reflected X...

4.3 CVSS | 0.00934 EPSS
Exploits 4 | References 1

Cvelist
added 2019/11/27 1:30 p.m. | 18 views

CVE-2019-13936

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions 19.2...

3.5 CVSS | 5.1 AI score | 0.00521 EPSS
Exploits 0 | References 1

Vulnerability Lab
added 2019/11/22 12:0 a.m. | 390 views

Skype v8.x - History Export v7 Web Vulnerability

Document Title: =============== Skype v8.x - History Export v7 Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2187 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2019/08/11/skype MSRC: VULN-007910 Release Date:...

0.4 AI score
Exploits 0

Vulnerability Lab
added 2019/11/22 12:0 a.m. | 87 views

Skype v8.x - History Export v7 Web Vulnerability

Document Title: =============== Skype v8.x - History Export v7 Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2187 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2019/08/11/skype MSRC: VULN-007910 Release Date:...

0.3 AI score
Exploits 0

exploitpack
added 2019/11/21 12:0 a.m. | 28 views

TestLink 1.9.19 - Persistent Cross-Site Scripting

TestLink 1.9.19 - Persistent Cross-Site Scripting Exploit Title: TestLink 1.9.19 - Persistent Cross-Site Scripting Date: 2019-11-20 Exploit Author: Milad Khoshdel Software Link: http://testlink.org/ Version: TestLink 1.9.19 Tested on: Linux Apache/2 PHP/7.3.11 ========= Vulnerable Pages: ========...

6.8 AI score
Exploits 0

Exploit DB
added 2019/11/21 12:0 a.m. | 495 views

TestLink 1.9.19 - Persistent Cross-Site Scripting

Exploit Title: TestLink 1.9.19 - Persistent Cross-Site Scripting Date: 2019-11-20 Exploit Author: Milad Khoshdel Software Link: http://testlink.org/ Version: TestLink 1.9.19 Tested on: Linux Apache/2 PHP/7.3.11 ========= Vulnerable Pages: ========= Persistent --...

7 AI score
Exploits 0