CVE-2018-16050
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View...
Cross site scripting
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View...
CVE-2018-16050
Removed by vendor...
CentOS Update for 389-ds-base CESA-2018:2757 centos7
Check the version of 389-ds-base...
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Exploit Title: Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-30 Vendor Homepage: http://www.billion.com Software Link: http://billionfirmware.co.za Tested Version: 20151105641 Tested on...
Billion ADSL Router 400G 20151105641 Cross Site Scripting
Exploit Title: Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-30 Vendor Homepage: http://www.billion.com Software Link: http://billionfirmware.co.za Tested Version: 20151105641 Tested on OS: Kali Linux CVE: N/A Description: Improper input...
Gitlab -- multiple vulnerabilities
Gitlab reports: SSRF GCP access token disclosure; Persistent XSS on issue details; Diff formatter DoS in Sidekiq jobs; Confidential information disclosure in events API endpoint; validate_localhost function in url_blocker.rb could be bypassed; Slack integration CSRF Oauth2; GRPC::Unknown logging token...
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
Exploit Title: Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-30 Vendor Homepage: http://www.billion.com Software Link: http://billionfirmware.co.za Tested Version: 20151105641 Tested on OS: Kali Linux CVE: N/A Description: Improper input...
389 security update
CentOS Errata and Security Advisory CESA-2018:2757. An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
RHEL 7 : 389-ds-base (RHSA-2018:2757)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2757 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP)...
389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly
A double-free of a password policy structure was found in the way slapd was handling certain errors during persistent search. An unauthenticated attacker could use this flaw to crash Directory Server...
389-ds-base: race condition on reference counter leads to DoS using persistent search
A race condition was found in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service...
Vanilla: Persistent XSS via Signatures
Description: The current version of the signature plugin 1.6.1 is vulnerable to persistent XSS as the Format parameter is echoed without encoding. POC: Prerequisite: Enable the Signatures plugin. To place the payload, the following request can be used; it's simply the request that is...
8x8: Stored Cross Site Scripting.
Hello team, I got Stored based XSS on your web :D Here is the step: 1. Go to https://www.easycontactnow.com/ 2. Click "Try For Free" Sign Up 3. It will tell you "Enter your details to get started". So enter your full name like: "alert1 Then put all the other details. 4. Then confirm your id and...
Apple iOS Accounts Component Information Disclosure Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices, and Accounts is one of the user account components. A security vulnerability exists in the Accounts component in versions of Apple iOS prior to 12. The vulnerability can be exploited by an attacker to read persistent...
Cross site scripting
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...
CVE-2018-17128
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...