7648 matches found
GHSA-GP82-XR77-88F4 radiant vulnerable to Cross-site Scripting
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields)...
FreeBSD : Gitlab -- multiple vulnerabilities (2da838f9-9168-11e8-8c75-d8cb8abf62dd)
Gitlab reports: Markdown DoS; Information Disclosure Prometheus Metrics; CSRF in System Hooks; Persistent XSS Pipeline Tooltip; Persistent XSS in Branch Name via Web IDE; Persistent XSS in Branch Name via Web IDE. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2017-2589
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL), which means all clients using that proxy are sharing the same cookies...
Gitlab -- multiple vulnerabilities
Gitlab reports: Markdown DoS; Information Disclosure Prometheus Metrics; CSRF in System Hooks; Persistent XSS Pipeline Tooltip; Persistent XSS in Branch Name via Web IDE; Persistent XSS in Branch Name via Web IDE...
Barracuda Cloud 3.0.020 - Contents Persistent Vulnerability
Document Title: Barracuda Cloud 3.0.020 - Contents Persistent Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=782 | Release Date: 2018-07-24 | Vulnerability Laboratory ID (VL-ID):...
Cross site scripting
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formnickname parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server"...
Barracuda Cloud ESS 2.x - Multiple Cross Site Vulnerabilities
Document Title: Barracuda Cloud ESS 2.x - Multiple Cross Site Vulnerabilities | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=742 | Barracuda Networks Security ID: BNSEC-671 | Release Date: 2018-07-23 | Vulnerability Laboratory ID...
Barracuda Cloud 3.0.020 - Persistent XSS Vulnerability
Document Title: Barracuda Cloud 3.0.020 - Persistent XSS Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=782 | Release Date: 2018-07-23 | Vulnerability Laboratory ID (VL-ID): 782...
PT-2018-12556 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: A persistent XSS issue allows remote attackers to inject arbitrary web script or HTML via the formnickname parameter to the "index.php?m=core&f=set&v=sendmail" API endpoint. The XSS payload is triggered wh...
CVE-2018-5532
On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name...
Adobe Systems Main lead DBMS Arbitrary Code Injection
Document Title: Adobe Systems - Arbitrary Code Injection Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2120 | PSIRT ID: 7873 | Vulnerability Magazine:...
WordPress All In One Favicon 4.6 Cross Site Scripting
Exploit Title: WordPress Plugin All In One Favicon = 4.6 - Authenticated Multiple XSS Persistent Date: 2018-07-10 Exploit Author: Javier Olmedo Website: https://hackpuntes.com/ Vendor Homepage: http://www.techotronic.de/ Software Link: https://wordpress.org/plugins/all-in-one-favicon/ Version/s:...
Adobe Systems - Arbitrary Code Injection Vulnerability
Document Title: Adobe Systems - Arbitrary Code Injection Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2120 | PSIRT ID: 7873 | Vulnerability Magazine:...
WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting
Exploit Title: WordPress Plugin All In One Favicon = 4.6 - Authenticated Multiple XSS Persistent Date: 2018-07-10 Exploit Author: Javier Olmedo Website: https://hackpuntes.com/ Vendor Homepage: http://www.techotronic.de/ Software Link: https://wordpress.org/plugins/all-in-one-favicon/ Version/s:...
Shopify - Persistent XML Cross Site Scripting Vulnerability
Document Title: Shopify - Persistent XML Cross Site Scripting Vulnerability | References: https://www.vulnerability-lab.com/getcontent.php?id=1983 | Video: https://www.youtube.com/watch?v=LDiXveqQ0gg | Release Date: 2018-07-18 | Vulnerability Laboratory ID (VL-ID):...
GhostMail Filename To Link Script Insertion
Document Title: GhostMail - filename to link POST Inject Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1471 | Release Date: 2018-06-26 | Vulnerability Laboratory ID (VL-ID):...
Shopify - Persistent XML Cross Site Scripting Vulnerability
Document Title: Shopify - Persistent XML Cross Site Scripting Vulnerability | References: https://www.vulnerability-lab.com/getcontent.php?id=1983 | Video: https://www.youtube.com/watch?v=LDiXveqQ0gg | Release Date: 2018-07-17 | Vulnerability Laboratory ID (VL-ID):...
Cross site scripting
Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text...
CVE-2018-13832
Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text...
Threat Roundup for July 6-13
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this week — covering the dates between July 6 and 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed ...