7648 matches found
CVE-2018-13000
An XSS issue was discovered in Advanced Electron Forum AEF v1.0.9. A persistent XSS vulnerability is located in the FTP Link element of the Private Message module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to injec...
CVE-2018-13001
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability...
CVE-2018-13002
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...
CVE-2018-13002
The CVE-2018-13002 entry concerns Weblication CMS Core & Grid v12.6.24. A cross-site scripting (XSS) flaw exists in the wFilemanager.php and index.php files within the /grid5/scripts/ module. The vulnerability targets the Project Title field in the Inhaltsprojekte listing, allowing remote attacke...
How to Save CDF Monitor Logs On A UNC Network Share
Due to local disk space constraints, or for non-persistent VDAs, an administrator may want to save the CDF Monitor logs on a UNC network share...
CVE-2018-12903
In CyberArk Endpoint Privilege Manager formerly Viewfinity 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts-DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application...
Privilege escalation
In CyberArk Endpoint Privilege Manager formerly Viewfinity 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts-DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application...
CVE-2018-12903
CVE-2018-12903 concerns CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603. The vulnerability is a persistent cross‑site scripting (XSS) found on UI surfaces: the create token screen, VfManager.asmx SelectAccounts->DisplayName, user groups on ConfigurationPage, the Dialog Tit...
Magento - Filter Bypass & Persistent Web Vulnerabilities
Document Title: =============== Magento - Filter Bypass & Persistent Web Vulnerabilities References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1916 Videos: 4 x Proof of Concept https://www.youtube.com/watch?v=WIDwbSTCLQ https://www.youtube.com/watch?v=zaPRfvNQJzk...
telekom.turtl.co XSS vulnerability
Open Bug Bounty ID: OBB-636625

Description | Value
---|---
Affected Website: | telekom.turtl.co
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Gitlab -- multiple vulnerabilities
Gitlab reports: Wiki XSS Sanitize gem updates XSS in urlforparams Content injection via username Activity feed publicly displaying internal project names Persistent XSS in charts...
GhostMail - (Filename to Link) Cross Site Web Vulnerability
Document Title: =============== GhostMail - Filename to Link Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1471 Release Date: ============= 2018-06-25 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2018-12538
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's...
Design/Logic Flaw
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's...
Salesforce RegistrationForm - Persistent Web Vulnerability
Document Title: =============== Salesforce RegistrationForm - Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2054 Salesforce Security ID: 219513 Release Date: ============= 2018-06-22 Vulnerability Laboratory ID VL-ID:...
PayPal (Notify) - Bypass & Persistent Web Vulnerability
Document Title: =============== PayPal Notify - Bypass & Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1640 Video: http://www.vulnerability-lab.com/getcontent.php?id=1639 Release Date: ============= 2018-06-22 Vulnerability...