21 matches found
metasploit-framework
This repository is an offensive tool for Metasploit Framework. It is a collection of files and workflows used to build and test the Metasploit Framework, a penetration testing tool. The repository contains various templates for reporting issues, suggesting new features, and submitting pull...
CVE-2020-16099
In Gallagher Command Centre v8.20 prior to v8.20.1093MR2 it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect...
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...
GHSA-RHM7-7469-RCPW Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Impact The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the uploa...
GATOR - GCP Attack Toolkit For Offensive Research, A Tool Designed To Aid In Research And Exploiting Google Cloud Environments
GATOR - GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments. It offers a comprehensive range of modules tailored to support users in various attack stages, spanning from Reconnaissance to Impact. Modules Resource Category |...
Open redirect on government website sends users to adult content
Fake websites and open redirects have conspired to make things awkward for a UKGOV website. The site in question, riverconditionsdotenvironment-agencydotgovdotuk, was being abused in search engine results to redirect to various sites which aren't associated with UKGOV--most of which were adult...
/user/sessions endpoint allows detecting valid accounts
This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the respons...
Citrix XenServer Multiple Security Updates
Description of Problem Two issues have been identified within Citrix XenServer, which could, if exploited, allow unprivileged code in a PV guest VM to cause the host to crash or become unresponsive. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and...
How to Troubleshoot Citrix ADC(NetScaler) Reporting Tab Related Issues
This article describes how to troubleshoot NetScaler Reporting tab related issues. An example scenario used in this article is when users go to the Reporting tab on NetScaler and it does not show any data or reports...
Veeam ONE 7.0 Patch 2 Release Notes
Challenge Release Notes for Veeam ONE 7.0 Patch 2. Cause Please confirm you are running Veeam ONE 7 or Veeam ONE 7R2 prior to installing this update. You can check this under Help | About in Veeam ONE Monitor Client, the build number should be 7.0.0.xxx. After upgrading, your version build will b...
Phabricator: Abusing VCS control on phabricator
My reporting skills suck but I tried to make a clear report. Please let me know if you need any further clarifications...
KDE Paste Applet
The paste applet included with kdeplasma-addons allows you to define macros that will copy some generated data into the clipboard, using simple macros to define the source and format of the data. The available macros include password... which generates "random" passwords. Here is the code that...
Phpnuke module.php vulnerability and php error_reporting issue
Phpnuke module.php vulnerability and PHP error_reporting issue on 16 December by Cabezon Aurélien | [email protected] As you know, there are many Cross site scripting issue on Phpnuke modules and other web application using PHP. There is a cross site scripting issue cause : 1 there ...
Update Rollup 6 for Microsoft System Center 2016 - Operations Manager Reporting (KB4459897)
This update resolves problems described in KB4459897...
Update Rollup 1 for Microsoft System Center 2019 - Operations Manager Reporting (KB4533415)
This update resolves problems described in KB4533415...
Update Rollup 10 for Microsoft System Center 2016 - Operations Manager Reporting (KB4580254)
This update resolves problems described in KB4580254...
Update Rollup 3 for System Center 2012 - Operations Manager Reporting (2750631)
This update resolves Operations Manager issues described in KB article 2756127...
Update Rollup 3 for Microsoft System Center 2019 - Operations Manager Reporting (KB4594078)
This update resolves problems described in KB4594078...
Update Rollup 12 for Microsoft System Center 2012 R2 - Operations Manager Reporting (KB3209587)
This update resolves problems described in KB3209587...