jira2.salt-solutions.de XSS vulnerability
Open Bug Bounty ID: OBB-604416

| Description | Value |
|---|---|
| Affected Website: | jira2.salt-solutions.de |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
cc.kebei:onion-expands-compress (>=3.0.0 <=3.0.6), com.aftia.plugin:aem-build-maven-plugin.core (>=1.1.1 <=1.2.2) +90 more potentially affected by CVE-2018-1002201 via org.zeroturnaround:zt-zip (>=1.10 <=1.12)
org.zeroturnaround:zt-zip MAVEN version =1.10, =3.0.0, =1.1.1, =5.0, =2.1.6, =3.6.1, =0.1.4, =1.0.3, =1.0.0, =1.0, =1.1 and more Source cves: CVE-2018-1002201 Source advisory: SNYK:JAVA-ORGZEROTURNAROUND-31681...
au.net.causal.maven.plugins:boxdb-maven-plugin (>=1.0 <=3.3), au.net.causal.maven.plugins:browserbox-maven-plugin (=1.0) +572 more potentially affected by CVE-2018-1002200 via org.codehaus.plexus:plexus-archiver (>=3.0 <=3.5)
org.codehaus.plexus:plexus-archiver MAVEN version =3.0, =1.0, =0.7.8, =0.6.0, =0.6.0, =0.6.0, =1.4.14, =1.2.1, =1.20, =0.0.3, =0.0.21, =0.0.3, =0.0.3, =0.0.3, =0.0.16 and more Source cves: CVE-2018-1002200 Source advisory: SNYK:JAVA-ORGCODEHAUSPLEXUS-31680...
Cross site scripting
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...
Adobe Flash Player <= 29.0.0.113 (APSB18-08)
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.113. It is therefore affected by multiple vulnerabilities. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include("deprecated_nasl_level.inc"); include("compat.inc"); if (description)...
UPDATE: OWASP Dependency-Check 3.1.2
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is OWASP Dependency-Check 3.1.2! Most importantly, NVD URLs were...
WolfCMS 0.8.3.1 - Cross-Site Request Forgery
Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: Affected Version: 0.8.3.1 Category: WebApps Tested on: Win7 Enterprise x86/Kali...
WolfCMS 0.8.3.1 - Cross-Site Request Forgery
Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: Affected Version: 0.8.3.1 Category:...
WolfCMS 0.8.3.1 Cross Site Request Forgery
Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: https://bitbucket.org/wolfcms/wolf-cms-downloads/downloads/wolfcms-0.8.3.1.zip...
[SECURITY] Fedora 28 Update: kst-2.0.8-20.fc28
Kst is a real-time data viewing and plotting tool with basic data analysis functionality. Kst contains many powerful built-in features and is expandable with plugins and extensions. Main features of kst include: Robust plotting of live "streaming" data. Powerful keyboard and mouse plot...
OpenVAS Knowledge Base become smaller
On 23 January Jan Oliver Wagner, leader of the OpenVAS project and Greenbone CEO, sent an email with the subject "Attic Cleanup". In this message he mentioned that some NASL plugins will soon be excluded from the public NVT / Greenbone Community Feed (GCF). On the one hand it seems logical. These old...
CVE-2018-1142
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins...
[R1] Tenable Appliance 4.7.0 Fixes One Vulnerability
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins...
Mooscan - A Scanner For Moodle LMS
A scanning tool for Moodle LMS. Key Benefits Allows administrators to determine exactly what is visible externally in their Moodle installation. A tool for penetration testers to find potential vulnerabilities in a Moodle installation by enumerating installed plugins, themes and libraries. Road M...
Ajenti Arbitrary Plugin Download Vulnerability
Ajenti is a Web-based open source server management system developed by Belarusian software developer Eugene Pankov. The system comes with a variety of pre-built plug-ins for configuring and monitoring server software and services such as Apache, scheduled tasks Cron and so on. A security...
Researchers Show How Popular Text Editors Can Be Attacked Via Third-Party Plugins
Security risks in popular extensible text editors allow hackers to abuse plugins and escalate privileges on targeted systems, according to new research from SafeBreach. Inadequate separation of regular and elevated access modes used in editors and a lack of folder permissions integrity allow...
Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges
Whether you're a developer, designer or a writer, a good text editor always helps you save time and makes you work more efficiently. For example, I use Sublime a lot while programming because it includes some useful tools like 'syntax highlighting' and 'autocomplete' that every advanced text editor...
Insecure Permissions
ajenti.plugin.plugins has insecure permissions when downloading plugins. An attacker can download and install any plugin to the server if they know how the request is made. There is no check to ensure that it is an admin downloading the plugin. Attackers could exploit this vulnerability to instal...
Micro Focus NetIQ Identity Manager Plugins Information Disclosure Vulnerability
Micro Focus NetIQ Identity Manager is a suite of identity management solutions from Micro Focus in the United Kingdom. The solution provides the foundation for account provisioning, user self-service, authorization, and Web services, and supports data sharing and synchronization. NetIQ Identity...
airflow-plugins (=0.1.3), tf-run-manager (>=1.0.0 <=2.1.6) potentially affected by CVE-2018-7750 via paramiko (=2.3.1)
paramiko PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on paramiko and may be impacted: - airflow-plugins =0.1.3 - tf-run-manager =1.0.0, =2.1.6 Source cves: CVE-2018-7750 Source advisory: OSV:PYSEC-2018-19...