CVE-2017-18179
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...
CVE-2017-18176
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1...
CVE-2017-18176
Progress Sitefinity 9.1 is affected by a cross‑site scripting (XSS) vulnerability triggered by file uploads, where JavaScript in an HTML file shares origin with the app’s code. Details from multiple sources confirm the issue and that it is fixed in Sitefinity 10.1. The root cause is an XSS condit...
CVE-2017-18177
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1...
CVE-2017-18175
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration aka Templateconfiguration, as demonstrated by the src attribute of an IMG element. This is fixed in 10.1...
CVE-2017-18178
Progress Sitefinity 9.1 is affected by CVE-2017-18178, an open redirect in Authenticate/SWT where an authentication token may be sent to the redirection target when the target is specified using a particular %40 syntax. The issue is resolved in version 10.1. No exploitation details are provided i...
CVE-2017-18179
Progress Sitefinity 9.1 contains a vulnerability where wrap_access_token is a non‑expiring authentication token that remains valid after a password change or session termination and is transmitted as a GET parameter. This could enable token exposure and unauthorized access. The issue is fixed in ...
CVE-2017-18177
Progress Sitefinity 9.1 is affected by a cross-site scripting (XSS) vulnerability exposed via the Last name, First name, and About fields on the New User Creation Page. The issue arises in the 9.1 release and is fixed in version 10.1. The available connected sources consistently describe this vul...
CVE-2017-18175
Progress Sitefinity 9.1 is affected by an XSS vulnerability in the Content Management Template Configuration (aka Templateconfiguration), demonstrated via the src attribute of an IMG element. The issue is fixed in version 10.1. Exploitation details are not provided in the supplied documents.
Fedora 26 : flatpak (2018-b5ecac9405)
This is a security fix release that fixes a sandbox escape in the flatpak dbus proxy. This issue was found by Gabriel Campana of The Google Security Team. Major changes in 0.10.3 - Fix dbus proxy vulnerability in authentication phase - Make permission handling ignore unknown permissions for...
Fedora 27 : flatpak (2018-bd651734da)
This is a security fix release that fixes a sandbox escape in the flatpak dbus proxy. This issue was found by Gabriel Campana of The Google Security Team. Major changes in 0.10.3 - Fix dbus proxy vulnerability in authentication phase - Make permission handling ignore unknown permissions for...
Fedora 27 : libzip (2017-7bd193c0ed)
Version 1.3.0 It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are: - Support bzip2 compressed zip archives - Improve file progress callback code - Fix zip_fdopen - CVE-2017-12858: Fix doubl...
Visualizing Spectre/Meltdown Impact and Remediation Progress
In order to determine the impact of Spectre/Meltdown and track remediation progress across your entire environment, it is important to visualize vulnerability detections in a dynamic dashboard. For more information on Spectre and Meltdown, please see our previous blog. Using Qualys AssetView, we...
spreenow.com XSS vulnerability
Vulnerable URL: https://www.spreenow.com/search-taobao ?s=" =" Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 29.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1392579 VIP website status:| No Coordinated...
Sitefinity CMS < 10.1.6527.0 Multiple Vulnerabilities
Sitefinity CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:progress:sitefinity"; if...
Sitefinity CMS Detection (HTTP)
HTTP based detection of Sitefinity CMS. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.140540");...
Progress Sitefinity 10.0 / 10.1 Broken Access Control / LINQ Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Broken access control & LINQ injection product: Progress Sitefinity vulnerable version: 10.0, 10.1 fixed version: =10.1.6527.0 internal build, 10.2 CVE number: - impact:...
Progress Sitefinity 10.0 / 10.1 Broken Access Control / LINQ Injection Vulnerability
Exploit for multiple platform in category web applications ======================================================================= title: Broken access control & LINQ injection product: Progress Sitefinity vulnerable version: 10.0, 10.1 fixed version: =10.1.6527.0 internal build, 10.2 CVE number:...