Cross site scripting
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...
Cross site scripting
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field e.g., Satellite name, and then restoring the...
CVE-2018-19391
The CVE-2018-19391 entry concerns Cobham Satcom Sailor 250 and Sailor 500 devices with persistent cross-site scripting (XSS) in firmware before 1.25. An unauthenticated attacker can exploit this via the /index.lua?pageID=Phone%20book name field to inject JavaScript. Connected CNVD/NVD records con...
Arjun v1.3 - HTTP Parameter Discovery Suite
Features Multi-threading 4 modes of detection A typical scan takes 30 seconds Regex powered heuristic scanning Huge list of 25,980 parameter names Makes just 30-35 requests to the target Usage Note: Arjun doesn't work with python 3.4 Discover parameters To find GET parameters, you can simply do:...
CVE-2019-9558
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe...
CVE-2019-9725
The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...
Design/Logic Flaw
The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...
Cross site scripting
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe...
CVE-2019-9558
Mailtraq WebMail 2.17.7.3550 is affected by a Persistent Cross Site Scripting (XSS) vulnerability that can be triggered when a user opens an email containing malicious JavaScript inserted as an iframe in the email body. The issue is server-side processing of email content that leads to XSS, enabl...
CVE-2019-9725
The CVE-2019-9725 entry describes a Persistent XSS flaw in the Web manager (Commander) of Korenix JetPort 5601 and 5601f devices, exploitable via the Port Alias field under Serial Setting. Affected component: Web UI; root cause: input in Port Alias not properly sanitized, enabling stored/reflecti...
CVE-2019-9725
The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...
Cross site scripting
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe...
CVE-2019-9557
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe...
Sparkasse - Multiple Persistent Cross Site Vulnerabilities
Document Title: Sparkasse - Multiple Persistent Cross Site Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2173. Release Date: 2019-03-07. Vulnerability Laboratory ID (VL-ID): ...
Sparkasse Cross Site Scripting
Document Title: Sparkasse - Multiple Persistent Cross Site Scripting Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2173. Release Date: 2019-03-07. Vulnerability Laboratory ID (VL-ID): ...
Sparkasse - Multiple Persistent Cross Site Vulnerabilities
Document Title: Sparkasse - Multiple Persistent Cross Site Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2173. Release Date: 2019-03-07. Vulnerability Laboratory ID (VL-ID): ...
WordPress Forminator Plugin CVE-2019-9567
Description Custom fields of a poll are not properly encoded when showing results of a poll, leading to persistent XSS. Successful exploitation allows an unauthenticated attacker to execute JavaScript in the context of the application in the name of an attacked user. This in turn enables an...
Splunk Enterprise 7.2.4 Remote Code Execution
#!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor Custom Binary)
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor Custom Binary) #!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vend...
Mailtraq WebMail 2.17.7.3550 Cross Site Scripting
Exploit Title: Persistent Cross Site Scripting XSS - Mailtraq WebMail version 2.17.7.3550 CVE: CVE-2019-9558 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.mailtraq.com/mail-server-software Category: webapps Attack Type: Remote Impact:...