
7647 matches found

CVE
added 2017/08/24 7:0 p.m. | 55 views

CVE-2017-13671

CVE-2017-13671 affects the MISP application prior to version 2.4.79, in the file app/View/Helper/CommandHelper.php. The vulnerability is a persistent cross-site scripting (XSS) flaw via the comments field. The impact is limited to users on the same instance because the comment field is not inclu...

6.1 CVSS | 5.9 AI score | 0.00967 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

0day.today
added 2017/08/23 12:0 a.m. | 73 views

Backdrop CMS 1.7.1 Cross Site Scripting Vulnerability

Backdrop CMS versions 1.7.1 and below suffer from a persistent cross site scripting vulnerability. I. VULNERABILITY ------------------------- Backdrop CMS Content types - Add content type And post: POST /backdrop/admin/structure/types/add HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Windows N...

6.7 AI score
Exploits: 0

Trend Micro Simply Security
added 2017/08/22 8:53 p.m. | 43 views

Targeted Attack Landscape: A Continuing Threat

When planning the cyber defenses of an organization, it's important to factor in the total threat landscape - including continuing threats as well as emerging security issues. In this way, organizations can create a more holistic data protection posture. While not seen in many headlines currently...

6.8 AI score
Exploits: 0

exploitpack
added 2017/08/21 12:0 a.m. | 33 views

Apache2Triad 1.5.4 - Multiple Vulnerabilities

Apache2Triad 1.5.4 - Multiple Vulnerabilities + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt + ISR: ApparitionSec Vendor: =============== apache2triad.net...

7.5 CVSS | 0.15668 EPSS
Exploits: 7

0day.today
added 2017/08/21 12:0 a.m. | 61 views

Apache2Triad 1.5.4 - Multiple Vulnerabilities

Exploit for php platform in category web applications + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt + ISR: ApparitionSec Vendor: =============== apache2triad.net...

7.5 CVSS | 7.4 AI score | 0.15668 EPSS
Exploits: 7

Packet Storm
added 2017/08/21 12:0 a.m. | 47 views

Apache2Triad 1.5.4 CSRF / XSS / Session Fixation

Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt + ISR: ApparitionSec Vendor: =============== apache2triad.net https://sourceforge.net/projects/apache2triad/ Product:...

7.4 AI score | 0.15668 EPSS
Exploits: 7

Vulnerability Lab
added 2017/08/18 12:0 a.m. | 58 views

WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities

Document Title: =============== WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1941 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15375 CVE-ID: ======= CVE-2017-15375 Release Date:...

4.3 CVSS | 6.5 AI score | 0.00901 EPSS
Exploits: 3

Atlassian
added 2017/08/17 6:8 a.m. | 45 views

XSS in User Macros Description Field

We received external report about XSS in User Macros Field: quote The description field in User Macros is vulnerable to persistent XSS. The XSS will be executed when the user chooses the macro from the macro selector. quote Steps to reproduce: 1 Go to http://localhost:8090/admin/usermacros.action...

4.8 CVSS | 0.7 AI score | 0.00612 EPSS
Exploits: 0 | Affected Software: 1

ThreatPost
added 2017/08/15 10:36 a.m. | 13 views

Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan

Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...

0.1 AI score
Exploits: 0 | References: 3

Citrix
added 2017/08/15 12:0 a.m. | 6 views

2.x - Increasing the User Layer size for a Persistent Desktop

C drive of a 2.x desktop is running low on space...

7.1 AI score
Exploits: 0

0day.today
added 2017/08/10 12:0 a.m. | 23 views

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shai...

7.1 AI score
Exploits: 0

exploitpack
added 2017/08/10 12:0 a.m. | 11 views

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh...

6.7 AI score
Exploits: 0

Packet Storm
added 2017/08/10 12:0 a.m. | 20 views

Piwigo User Tag 0.9.0 Cross Site Scripting

Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

7.4 AI score
Exploits: 0

Exploit DB
added 2017/08/10 12:0 a.m. | 38 views

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting

Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

7.4 AI score
Exploits: 0

OSV
added 2017/08/05 9:29 p.m. | 2 views

CVE-2017-12572

Persistent Cross Site Scripting XSS exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104...

4.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Prion
added 2017/08/05 9:29 p.m. | 20 views

Cross site scripting

Persistent Cross Site Scripting XSS exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104...

3.5 CVSS | 4.9 AI score | 0.00503 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2017/08/05 9:0 p.m. | 58 views

CVE-2017-12572

CVE-2017-12572 affects Splunk Enterprise (versions <6.5.2 for 6.5.x, <6.4.6 for 6.4.x, <6.3.9 for 6.3.x) and Splunk Light (

4.8 CVSS | 4.9 AI score | 0.00503 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/08/03 8:29 a.m. | 12 views

Cross site scripting

Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...

4.3 CVSS | 6.1 AI score | 0.01815 EPSS
Exploits: 3 | References: 2 | Affected Software: 1

OSV
added 2017/08/03 8:29 a.m. | 5 views

CVE-2017-11320

Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...

6.1 CVSS | 5.8 AI score | 0.01815 EPSS
Exploits: 3 | References: 2

CVE
added 2017/08/03 8:0 a.m. | 52 views

CVE-2017-11320

The CVE-2017-11320 entry concerns Technicolor TC7337 routers (firmware 08.89.17.20.00) with a persistent XSS vulnerability in the SSID handling. The XSS can be triggered by the SSID of nearby devices and is described as enabling DNS poisoning and credentials theft from the router. Publicly docume...

6.1 CVSS | 6 AI score | 0.01815 EPSS
Exploits: 3 | References: 2 | Affected Software: 1