7649 matches found

Debian CVE
added 2019/04/25 8:17 p.m. · 23 views

CVE-2018-18643

Removed by vendor...

CVSS 6.1 · AI score 6.7 · EPSS 0.01162
Exploits 0
CVE
added 2019/04/25 8:17 p.m. · 71 views

CVE-2018-18643

CVE-2018-18643 affects GitLab CE & EE versions 11.2 and later, up to but not including 11.5.0-rc12, and includes 11.4.6 and 11.3.10. The vulnerability is a Persistent XSS issue described in the CVE entry. The provided connected documents confirm the existence of a persistent cross‑site scripting ...

CVSS 6.1 · AI score 7 · EPSS 0.01162
Exploits 0 · References 3 · Affected Software 1
The Hacker News
added 2019/04/23 8:20 a.m. · 1 views

Source Code for CARBANAK Banking Malware Found On VirusTotal

Security researchers have discovered the full source code of the Carbanak malware—yes, this time it's for real. Carbanak—sometimes referred as FIN7, Anunak or Cobalt—is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks...

AI score 7
Exploits 0
OSV
added 2019/04/22 4:29 p.m. · 22 views

CVE-2019-11454

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 8
Debian CVE
added 2019/04/22 3:5 p.m. · 25 views

CVE-2019-11454

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVSS 6.1 · AI score 6.1 · EPSS 0.02414
Exploits 1
CVE
added 2019/04/18 7:50 p.m. · 65 views

CVE-2019-10893

CVE-2019-10893 affects CentOS Web Panel versions 0.9.8.793 (Free) and 0.9.8.753 (Pro). It is a stored/persistent XSS in the Admin Email field on the CWP Settings > Edit Settings screen, triggered by saving a crafted email value, with the payload executing in the admin context. Root cause state...

CVSS 4.8 · AI score 4.9 · EPSS 0.02879
Exploits 5 · References 6 · Affected Software 1
ThreatPost
added 2019/04/17 3:34 p.m. · 41 views

ThreatList: Bad Bots Account for a Fifth of All Web Traffic, FinServ Hit the Worst

About a fifth of all web traffic (20.4 percent) comes from bad bots, which continue to attack daily in automated offensives on websites, mobile apps and APIs. That’s worse for some verticals, like the banking and finance sector, which was hit the hardest last year. That’s according to the Distil...

AI score 7.3
Exploits 0 · References 7
UbuntuCve
added 2019/04/11 8:29 p.m. · 25 views

CVE-2019-6796

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS...

CVSS 6.1 · AI score 6.7 · EPSS 0.01163
Exploits 0 · References 2
Debian CVE
added 2019/04/11 7:51 p.m. · 22 views

CVE-2019-6796

Removed by vendor...

CVSS 6.1 · AI score 6.7 · EPSS 0.01163
Exploits 0
Positive Technologies
added 2019/04/09 12:0 a.m. · 4 views

PT-2019-1817 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a component of the Windows operating system, specifically the Win32k component, which has insufficient access restrictions. This can be exploited by an attacker to...

CVSS 7.8 · AI score 8.3 · EPSS 0.04151
Exploits 2 · References 15
OSV
added 2019/04/08 5:29 p.m. · 2 views

CVE-2019-10676

An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within t...

CVSS 6.5 · AI score 6.5 · EPSS 0.02706
Exploits 0 · References 4
Hacker One
added 2019/04/07 9:6 a.m. · 30 views

Automattic: WooCommerce: Persistent XSS via customer address (state/county)

Persistent XSS via customer address state/county ================================ CVSS ---- High 7.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Description ----------- The current version 3.5.7 of the WooCommerce WordPress plugin echoes the state/county of a customer in the admin backend withou...

AI score 0.4
Exploits 0
NVD
added 2019/04/03 3:29 p.m. · 23 views

CVE-2019-10261

CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action...

CVSS 4.8 · AI score 4.9 · EPSS 0.02381
Exploits 5 · References 3
Cvelist
added 2019/04/03 2:7 p.m. · 26 views

CVE-2019-10261

CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action...

AI score 4.8 · EPSS 0.02381
Exploits 5 · References 3
CVE
added 2019/04/03 2:7 p.m. · 64 views

CVE-2019-10261

CWP 0.9.8.789 is vulnerable to Stored/Persistent XSS in the DNS Functions → Edit Nameservers IPs form (Name Server 1/2). Root cause: insufficient input sanitization, enabling an attacker to store and render script payloads to other users. CVE-2019-10261 is described across multiple records with b...

CVSS 4.8 · AI score 4.8 · EPSS 0.02381
Exploits 5 · References 3 · Affected Software 1
exploitpack
added 2019/03/29 12:0 a.m. · 32 views

CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting

CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 28 - March - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software...

CVSS 3.5 · AI score 5 · EPSS 0.02381
Exploits 5
Exploit DB
added 2019/03/29 12:0 a.m. · 51 views

CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting

Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 28 - March - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: 0.9.8.789 Tested on: CentOS 7 CVE :...

CVSS 4.8 · AI score 5.2 · EPSS 0.02381
Exploits 5
OSV
added 2019/03/26 6:29 p.m. · 1 views

DEBIAN-CVE-2019-3826

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...

CVSS 6.1 · AI score 6.2 · EPSS 0.02736
Exploits 0 · References 1
NVD
added 2019/03/26 4:29 p.m. · 31 views

CVE-2019-7646

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the addpackage module parameter...

CVSS 4.8 · AI score 4.9 · EPSS 0.07246
Exploits 5 · References 3
Cvelist
added 2019/03/21 3:26 p.m. · 29 views

CVE-2018-3969

An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerabilit...

CVSS 8.2 · AI score 7.6 · EPSS 0.00501
Exploits 1 · References 1