CVE-2018-17256
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content Blog, Content Page, etc. The vulnerability is exploited when updating or removing public access of a content...
kubernetes: authentication/authorization bypass in the handling of non-101 responses
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...
DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers
In this post we’ll unpack a short -- but no less serious -- attack that affected some Linux-based systems, on October 31. Throughout the campaign, the attacker used a chain of vulnerabilities including the infamous Drupalgeddon2 and DirtyCOW, and system misconfigurations to persistently infect...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Persistent XSS Autocompletion; Unauthorized service template creation; ...
Cross site scripting
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php...
CVE-2018-15713
CVE-2018-15713 affects Nagios XI 5.5.6 and enables a persistent cross-site scripting vulnerability via the stored email address in admin/users.php. The NVD entry indicates a MEDIUM overall impact (CVSSv3.0: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N; base score 5.4) requiring remote access with low priv...
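The Nagios XI entry above has the typical shape of a persistent (stored) XSS: a value such as an email address is accepted on one page and later rendered without encoding on another, where an administrator views it. The Python below is an added illustration of that pattern, not Nagios XI's code nor material from any of the advisories on this page; the in-memory user table, the PAYLOAD_EMAIL sample and all function names are constructed for this example. It places the vulnerable write and read paths beside the hardened ones: HTML-entity encoding at the point of output is the actual fix, and a format check on input is only a second layer.

```python
import html
import re
from typing import Dict, List

# Constructed sample input: an attacker sets an email address that carries
# a script payload. The same shape applies to any stored free-text field.
PAYLOAD_EMAIL = 'bob@example.com"><script>alert(1)</script>'

# Hypothetical in-memory user table standing in for the application's DB.
User = Dict[str, str]

# Permissive address check used only as a defence-in-depth filter; it is not
# the fix for XSS, output encoding is.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def store_user_unsafe(users: List[User], username: str, email: str) -> User:
    """Vulnerable write path: the submitted email is persisted verbatim."""
    record = {"username": username, "email": email}
    users.append(record)
    return record


def store_user_safe(users: List[User], username: str, email: str) -> User:
    """Hardened write path: reject values that cannot be an email address
    before they reach storage. Raises ValueError on a bad address."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email address")
    record = {"username": username, "email": email}
    users.append(record)
    return record


def render_users_unsafe(users: List[User]) -> str:
    """Vulnerable read path: stored data is concatenated straight into HTML,
    so the payload runs in the browser of whoever views the user list."""
    rows = "".join(
        f"<tr><td>{u['username']}</td><td>{u['email']}</td></tr>" for u in users
    )
    return f"<table>{rows}</table>"


def render_users_safe(users: List[User]) -> str:
    """Hardened read path: every untrusted value is HTML-entity encoded at the
    point of output, whatever was or was not validated on input."""
    rows = "".join(
        f"<tr><td>{html.escape(u['username'])}</td>"
        f"<td>{html.escape(u['email'])}</td></tr>"
        for u in users
    )
    return f"<table>{rows}</table>"


def script_survives(markup: str) -> bool:
    """Crude indicator for the demo: does a live <script> tag reach the page?"""
    return "<script>" in markup


def demo() -> Dict[str, bool]:
    """Run the payload through both code paths and report where it lands."""
    users: List[User] = []
    store_user_unsafe(users, "attacker", PAYLOAD_EMAIL)
    result = {
        "unsafe_render_executes": script_survives(render_users_unsafe(users)),
        "safe_render_executes": script_survives(render_users_safe(users)),
    }
    try:
        store_user_safe([], "attacker", PAYLOAD_EMAIL)
        result["safe_store_rejects"] = False
    except ValueError:
        result["safe_store_rejects"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

Running it shows the payload surviving only through the unsafe render path. Note that the input filter alone would not have protected fields with no natural format (a display name, a hostname, a header name), which is why the encode-on-output rule must hold for every stored value, not just the ones that happen to be validated.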
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting; Date: 2018-11-12; Exploit Author: Nawaf Alkeraithe; Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip; Version: 1.0. When a user...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting; Exploit Author: Nawaf Alkeraithe; Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip; Version: 1.0. When a user signs up for an accoun...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting; Date: 2018-11-12; Exploit Author: Nawaf Alkeraithe; Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip; Version: 1.0. When a user signs up for an account on the following url:...
WP Master Slider v3.5.1 - Cross Site Scripting Vulnerability
Document Title: WP Master Slider v3.5.1 - Cross Site Scripting Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2158; Reference: https://wordpress.org/support/?posttype=topic&p=10874555...
Emotet Campaign Ramps Up with Mass Email Harvesting Module
A large-scale spam campaign has launched, spreading the Emotet banking trojan. Worryingly, the offensive has launched about a week after a fresh module for mass email-harvesting was detected for the malware. Emotet is technically a banking trojan, but it’s most often used as a dropper for a varie...
CVE-2018-19080
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS...
Cross site scripting
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS...
EulerOS 2.0 SP3 : 389-ds-base (EulerOS-SA-2018-1365)
According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850); ldapsearch with server side sort allows users to...
EulerOS 2.0 SP2 : 389-ds-base (EulerOS-SA-2018-1357)
According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850); Server crash through modify command with large DN...
CVE-2018-6906
A persistent cross-site scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...
CVE-2018-18868
No-CMS 1.1.3 is prone to Persistent XSS via a contactus name parameter, as demonstrated by the VG48Z5PqVWname parameter...