7648 matches found
Anghami - Persistent Input Validation Vulnerability
Document Title: Anghami - Persistent Input Validation Vulnerability References: https://www.vulnerability-lab.com/getcontent.php?id=2144 View Video: https://www.youtube.com/watch?v=7CnXLxs6CXo Release Date: 2018-08-27 Vulnerability Laboratory ID VL-ID:...
Cross site scripting
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter...
CVE-2018-15602
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter...
CVE-2018-15602
Affected product: Zyxel VMG3312 B10B gateway devices. Vulnerability: persistent cross-site scripting (XSS) in the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. Root cause: improper handling of the hostname parameter leads to script/HTML injection. Impact stated in sour...
Anghami - Persistent Input Validation Vulnerability
Document Title: Anghami - Persistent Input Validation Vulnerability References: https://www.vulnerability-lab.com/getcontent.php?id=2144 View Video: https://www.youtube.com/watch?v=7CnXLxs6CXo Release Date: 2018-08-26 Vulnerability Laboratory ID VL-ID:...
Countly Cross Site Scripting
Exploit Title: Countly-server StoredPersistent XSS Vulnerability Date: Monday - 2018 13 August Author: 10:10AM Team Discovered By: Sleepy Software Link: https://github.com/Countly/countly-server Version: All Version Category: Web-apps Security Risk: Critical Tested on: GNU/Linux Ubuntu 16.04 - wi...
Network Weathermap Persistent Cross-Site Scripting (CVE-2013-2618)
A cross-site scripting vulnerability has been reported in Network Weathermap. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting Exploit Title: IBM Sterling B2B Integrator persistent cross-site scripting Exploit Author: Vikas Khanna https://www.linkedin.com/in/leetvikaskhanna/ https://twitter.com/MRSHANUKHANNA Vendor Homepage:...
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: IBM Sterling B2B Integrator persistent cross-site scripting Exploit Author: Vikas Khanna https://www.linkedin.com/in/leetvikaskhanna/ https://twitter.com/MRSHANUKHANNA Vendor Homepage:...
CVE-2018-12607
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding...
CVE-2018-12606
GitLab CE/EE versions prior to 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1 contain a persistent XSS in the wiki due to lack of output encoding in a specific markdown feature. Mitigation: upgrade to 10.7.6, 10.8.5, or 11.0.1+ (the fixed versions). Other details across sources corroborate ...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
CVE-2018-0407
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Build Your Own Botnet: BYOB
BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability ...
CVE-2018-12944
Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field...
Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities (CVE-2018-3903 - CVE-2018-3904)
Summary Multiple exploitable buffer overflow vulnerabilities exist in the camera "update" feature of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...
Microsoft Wireless Display Adapter 2 Command Injection / Broken Access Control Vulnerability
Exploit for windows platform in category remote exploits Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.835...
Microsoft Wireless Display Adapter 2 Command Injection / Broken Access Control
secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.8350 to 2.0.8372 have been tested and a...