7649 matches found
CVE-2018-19579
Removed by vendor...
CVE-2018-19493
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding...
Cell Networks Hacked by (Probable) Nation-State Attackers
A sophisticated attacker has successfully infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records -- including times and...
Insecure Cookie Management
hawtio uses insecure cookie management. The vulnerability exists because a persistent cookie store that stores cookies locally results in all clients of the proxy sharing the same cookies, which allows an attacker to access the cookie information...
The Logic of a Classic Advanced Persistent Threat Attack
By David Balaban. Story of an Advanced Persistent Threat attack against a large corporation that started with a series of blank emails. Advanced persistent threats (APTs) are increasingly targeting enterprise networks nowadays. This article highlights a recent attack against a large, well-protected...
Symantec DLP 15.5 MP1 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Persistent XSS on Symantec DLP = 15.5 MP1 Exploit Author: Chapman Schleiss Vendor Homepage: https://www.symantec.com/ Software Link: https://support.symantec.com/us/en/mysymantec.html Version: = 15.5 MP1 CVE : 2019-9701...
Symantec DLP 15.5 MP1 - Cross-Site Scripting
Symantec DLP 15.5 MP1 - Cross-Site Scripting Exploit Title: Persistent XSS on Symantec DLP = 15.5 MP1 Date: 2019-06-21 Exploit Author: Chapman Schleiss Vendor Homepage: https://www.symantec.com/ Software Link: https://support.symantec.com/us/en/mysymantec.html Version: = 15.5 MP1 CVE : 2019-9701...
Symantec DLP 15.5 MP1 - Cross-Site Scripting
Exploit Title: Persistent XSS on Symantec DLP = 15.5 MP1 Date: 2019-06-21 Exploit Author: Chapman Schleiss Vendor Homepage: https://www.symantec.com/ Software Link: https://support.symantec.com/us/en/mysymantec.html Version: = 15.5 MP1 CVE : 2019-9701 Advisory-URL:...
Reference: TaoSecurity Research
I started publishing my thoughts and findings on digital security in 1999. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. 2015 and later: Please visit Academia.edu for Mr. Bejtlich's most recent research. 2014...
Ninja Turtles in your network: LAN Turtle 3G. A how-to for red teaming
Introduction: This post will detail how to configure and utilise a LAN turtle 3G from Hak 5 to gain a persistent, remotely accessible presence within a network. With ethernet ports becoming less common on new hardware, many people have been forced into deploying an array of various dongles and...
Carpool Web App 1.0 Cross Site Scripting / SQL Injection
INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY. Exploit Title: Carpool Web App Persistent Cross-Site Scripting - SQL Injection Vulnerability Date: 29/06/2019 Url Vendor: http://www.prosentient.com.au/ Vendor...
CVE-2019-10175
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in...
Information disclosure
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in...
CVE-2019-10175
A flaw was found in the containerized-data-importer where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own...
SeedDMS < 5.1.11 - (out.UsrMgr.php) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11 Exploit Author: Nimit Jain (https://secfolks.blogspot.com) Vendor Homepage: https://www.seeddms.org Software Link:...
SeedDMS < 5.1.11 - (out.GroupMgr.php) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11 Exploit Author: Nimit Jain (https://secfolks.blogspot.com) Vendor Homepage: https://www.seeddms.org Software Link:...
SeedDMS 5.1.11 - out.UsrMgr.php Cross-Site Scripting
SeedDMS 5.1.11 - out.UsrMgr.php Cross-Site Scripting Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 20-June-2019 Exploit Author: Nimit Jain (https://secfolks.blogspot.com) Vendor Homepage: https://www.seeddms.org...
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 17-June-2019 Exploit Author: Nimit Jain (https://secfolks.blogspot.com) Vendor Homepage: https://www.seeddms.org Software Link:...