CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

Design/Logic Flaw

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

Weblate: Improper Cookie expiration | Cookies Expiration Set to Future

Hi Team, I have found at many instances or places from signup till getting logged into application in domain "demo.weblate.org" that session maintaining cookies such as csrf token and session id's expiration dates are set to future date. As part of secure session management one should prohibit or...

Simple ASC CMS 1.2 Cross Site Scripting

Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 Release Date: ============= 2017-05-21 Vulnerability Laboratory ID VL-ID: ====================================...

Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability

Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15947 CVE-ID: ======= CVE-2017-15947 Release Date:...

Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability

Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15947 CVE-ID: ======= CVE-2017-15947 Release Date:...

WordPress EELV Newsletter 4.5 XSS / CSRF

Document Title: =============== Wordpress EELV Newsletter v4.5 - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2069 Release Date: ============= 2017-05-15 Vulnerability Laboratory ID VL-ID: ====================================...

INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields

Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its page 4. Go to "Comments" tab 4. Click the add new comment...

QuickBooks Recipe

QuickBooks is an application that licenses and registers to the volume serial number of the local hard disk. When the license is created an encrypted file is stored that can only be unencrypted if the volume serial number matches the system it was installed on. When Unidesk creates a new desktop,...

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Cyber espionage actors, now designated by FireEye as APT32 OceanLotus Group, are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of...

CVE-2017-3732

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...

Not all Cloud Solutions are Created Equal

The errant swing of a backhoe in a New Jersey field cuts through a major cloud provider's underground cable, bringing activity along the U.S. Eastern Seaboard to a crashing halt. The outage hits some businesses hard. Every minute of downtime means thousands of dollars of lost revenue and hordes o...

CVE-2017-7430

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework...

CVE-2017-7430

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework...

Zenario 7.6 Cross Site Scripting

Document Title: =============== Zenario v7.6 - Delete Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2042 Release Date: ============= 2017-03-20 Vulnerability Laboratory ID VL-ID: ====================================...

Zenario 7.6 Persistent Cross Site Scripting

Document Title: =============== Zenario v7.6 - Persistent Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2044 https://github.com/TribalSystems/Zenario/commit/cd60f1c8a179ebb779fe0acc051b93f477129b1a Release Date:...

teenslang.su XSS vulnerability

Vulnerable URL: http://teenslang.su/index.php?searchstr== Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 47050 VIP website status:| Yes Check teenslang.su SSL connection:| Grade: C...

CVE-2017-2330

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves,...