7647 matches found
CVE-2016-9126
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to...
Cross site scripting
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to...
CVE-2016-9454
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...
CVE-2016-9130
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The website name wasn't properly escaped when displayed in the campaign-zone.php script...
CVE-2016-9130
CVE-2016-9130 concerns Revive Adserver prior to 3.2.3, which is vulnerable to a Persistent XSS via the user interface due to improper escaping of the website name in campaign-zone.php. The underlying issue is a failure to escape displayed data, allowing a trusted (non-admin) attacker to inject sc...
CVE-2016-9126
Affected software: Revive Adserver prior to 3.2.3. Issue: persistent XSS in the audit trail widget on login due to inadequate escaping of usernames; an authenticated user who can create other users could leverage this to access the administrator account. Impact (per sources): CVSS metrics show ba...
CVE-2016-9454
CVE-2016-9454 affects Revive Adserver prior to version 3.2.3, where the banner image URL for external banners could be improperly escaped in most banner-related pages, enabling a persistent XSS via the Revive Adserver user interface. The vulnerability requires a trusted, non-admin account and is ...
Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability
Document Title: Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2046 | Release Date: 2017-03-28 | Vulnerability Laboratory ID (VL-ID): ...
OnePlus 3/3T open up an ADB session without authorization (CVE-2017-5622)
Last month we published CVE-2017-5626 patched in OxygenOS 4.0.2, a vulnerability which allowed attackers to effectively unlock a OnePlus 3/3T device without a factory reset. Combining this with our also discovered CVE-2017-5624 patched in OxygenOS 4.0.3 enabled a powerful attack against locked...
Create non-persistent vm on XenServer
You can create a non-persistent XenServer VM by setting the VDI param on-boot=reset. The VM will reset to its original state after each reboot...
Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!
A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer. Dubbed DoubleAgent, the new injecting code technique works on all versions of Microsoft Windows operating...
Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability
Document Title: Zenario v7.6 - Delete Persistent Cross Site Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2042 | Release Date: 2017-03-20 | Vulnerability Laboratory ID (VL-ID): ...
Zenario v7.6 - Persistent Cross Site Scripting Vulnerability
Document Title: Zenario v7.6 - Persistent Cross Site Scripting Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2044 , https://github.com/TribalSystems/Zenario/commit/cd60f1c8a179ebb779fe0acc051b93f477129b1a | Release Date:...
Privilege escalation
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2017-5624
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
Credits: John Page AKA hyp3rlinx | Website: hyp3rlinx.altervista.org | Source: http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt | ISR: ApparitionSec | Vendor: solarwinds.com, www.serv-u.com | Product: FTP Voyager...