7649 matches found
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...
CVE-2019-13493
Sitecore 9.0 rev 171002 is affected by a Persistent XSS in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. This CVE (CVE-2019-13493) is documented across multiple sources (NVD/Red Hat/CVE listi...
Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted
Two firmware vulnerabilities impacting Lenovo, Acer and five additional server brands allow adversaries to brick servers, run arbitrary code on targeted systems and maintain a persistent foothold – surviving even an operating system reinstallation. The bugs are tied to Gigabyte motherboards used ...
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Date: 2019-07-17 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel...
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Date: 2019-07-17 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel/ Version: Siebel CRM UI Framework Version 19.0 and prior...
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for linux platform in category web applications Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel/ Version: Siebel...
Oracle Siebel CRM 19.0 Cross Site Scripting
Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Date: 2019-07-17 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel/ Version: Siebel CRM UI Framework Version 19.0 and prior...
honggfuzz vulnerability mining technology principle analysis - vulnerability warning - the black bar safety net
Google's AFL/WinAFL, libFuzzer and honggfuzz are the three most famous code-coverage-based fuzzers. There are many articles online analyzing AFL/WinAFL, and fewer analyzing the latter two. Spring Brother has previously written an article about honggfuzz: honggfuzz vulnerabilit...
Exploring the Power of Phished Persistent Cookies in AWS
The post Exploring the Power of Phished Persistent Cookies in AWS appeared first on Rhino Security Labs...
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage:...
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Exploit Title: Persistent XSS - Dependency Graph View Plugin v0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage: https://www.tp-link.com/au/home-networking/dsl-modem-router/td-w8960n/ Tested on: Linux CVE : 2019-13491 Poc...
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyT Project Management - User[username] Stored Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://manageyourteam.net/index.html Software Link:...
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Exploit Title: Persistent XSS - Dependency Graph View Plugin v0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact:...
GitLab EE Cross-Site Scripting Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A persiste...
CVE-2018-19579
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1...
CVE-2018-19579
GitLab EE 11.5 is vulnerable to a persistent XSS in the Operations page; the issue is fixed in 11.5.1. Affected product: GitLab EE (11.5). Root cause: persistent XSS in Operations page. Impact: cross-site execution of injected scripts; CVSS notes Low to Medium impact depending on context. Remedia...