7647 matches found
Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting
// Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not require quotes, and passing the URL with only '//' // out, grab yours ! +--- it will cause the browser to...
Technicolor TC7337 - SSID Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications // Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not require quotes, and passing the URL with only '//' //...
Unikrn: Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability.
Description Hi. Today I looked at some out-of-scope subdomains of .pinion.gg for recon purposes. I discovered an interesting file on http://templ4d2.pinion.gg/motd2.manifest with the following content: CACHE MANIFEST 2014-07-07 CACHE: http://bin.pinion.gg/bin/companions.min.js...
App Layering: Recipe for QuickBooks
QuickBooks is an application that licenses and registers to the volume serial number of the local hard disk. When the license is created an encrypted file is stored that can only be unencrypted if the volume serial number matches the system it was installed on. When Unidesk creates a new desktop,...
Attack Uses Docker Containers To Hide, Persist and Plant Malware
LAS VEGAS—A novel attack vector allows for adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce,...
Cross site scripting
Multiple persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog...
CVE-2017-11687
Summary: CVE-2017-11687 concerns Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5). The cited sources describe a persistent cross-site scripting (XSS) vulnerability in the Event Log Parser and the Display function, allowing remote attackers to inject arbitrary web script or HTML via s...
CVE-2017-11641
GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixelcache.c during writing of Magick Persistent Cache (MPC) files...
DEBIAN-CVE-2017-11641
GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixelcache.c during writing of Magick Persistent Cache (MPC) files...
Cross site scripting
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...
Cross site scripting
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...
Xenforo Forum CMS 1.5.13 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications +---------------------------------------------------------+ | Vulnerable Software: Xenforo Forum CMS | | Vendor: http://xenforo.com | | Vulnerability Type: Persistent XSS authenticated | | Date Released: 07/04/2017 | | Released by: MLT |...
Keybase: Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template
Issue Keybase allows you to see other users' sigchains by navigating to /sigchain. The "Payload" field containing JSON related to the chainlink on the right side of the page is not correctly escaped during templating, leading to a persistent XSS as users have a high degree of control over the...
Unidesk Recipe for NP Desktop Logon Time Optimization v3
One very popular use case for VDI is for kiosk or lab machines. Uses for these types of desktops include classroom labs, library access and general computing in schools and corporations. Architects and Administrators of these types of use cases generally want to be able to define default...
Cross site scripting
Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...
Pornhub: Stored XSS in the any user profile using website link
The researcher discovered a stored XSS in the Website field of a user's profile page. I discovered a Stored XSS attack vector in the user profile page using the Website field. A similar bug was fixed several months ago (I got a Duplicate at that time), but after some time I checked this again, and... the...
Composr CMS v10.0.0 XSS Vulnerability
Composr CMS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:composr:cms";...
Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload
Technical Details & Description: ================================ The security risk of the xss vulnerability is estimated as medium with a common vulnerability scoring system count of 3.6. Exploitation of the persistent xss web vulnerability requires a limited editor user account with low...
Evolution Script CMS 5.3 Cross Site Scripting
Document Title: =============== Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2075 Release Date: ============= 2017-06-07 Vulnerability Laboratory ID VL-ID:...
Craft CMS 2.6 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload Date: 2017-06-08 Exploit Author: Ahsan Tahir Vendor Homepage: https://craftcms.com Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip...