Joomla! Component com_poweradmin 2.3.0 - Multiple Vulnerabilities

--------------------------------------------------------- RatioSec Research Security Advisory RS-2016-001 --------------------------------------------------------- JSN PowerAdmin Joomla! Extension Remote Command Execution Via CSRF and XSS vulnerabilities...

JSN PowerAdmin 2.3.0 Code Exection / CSRF / XSS

--------------------------------------------------------- RatioSec Research Security Advisory RS-2016-001 --------------------------------------------------------- JSN PowerAdmin Joomla! Extension Remote Command Execution Via CSRF and XSS vulnerabilities...

Fiyo CMS 2.0.2.1 Cross Site Scripting

Introduction Affected Product: Fiyo CMS 2.0.2.1 Fixed in: Fiyo CMS 2.0.6 Fixed Version Link: http://www.fiyo.org/blog/versi-2-0-6-banyak-perubahan-untuk-stabilitas Vendor Website: http://www.fiyo.org/ Vulnerability Type: Persistent XSS Remote Exploitable: Yes Reported to vendor: 28/12/2015 Fixed...

Oxwall Forum v1.8.1 - Persistent Cross Site Vulnerability

Document Title: =============== Oxwall Forum v1.8.1 - Persistent Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1740 Release Date: ============= 2016-02-22 Vulnerability Laboratory ID VL-ID: ====================================...

ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities

Exploit for windows platform in category web applications ================================================================ ManageEngine Firewall Analyzer 8.5– Privilege Escalation Vulnerability ================================================================ Description : Vulnerability Type :...

Fortinet FortiWeb 5.1.2 < 5.3.5 Autolearn Configuration Multiple XSS

The remote FortiWeb device is running a software version greater than or equal to 5.1.2 and less than 5.3.5. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to improper validation of user-supplied input to the autolearn configuration page. An attacker can exploit...

Google Chrome Security Bypass Vulnerability (Feb 2016) - Linux

Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

Google Chrome Security Bypass Vulnerability (Feb 2016) - Mac OS X

Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

Google Chrome Security Bypass Vulnerability (Feb 2016) - Windows

Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

Getdpd Cross Site Scripting

Document Title: =============== Getdpd Bug Bounty 6 - Import Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1718 Release Date: ============= 2016-02-09 Vulnerability Laboratory ID VL-ID: ==================================== 1718...

MyScript Memo 3.0 Persistent Script Insertion

Document Title: =============== MyScript Memo v3.0 iOS - Mail Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1706 Release Date: ============= 2016-02-10 Vulnerability Laboratory ID VL-ID: ==================================== 170...

Microsoft Edge and Internet Explorer CVE-2016-0077 Spoofing Vulnerability

Description Microsoft Edge and Internet Explorer are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...

Microsoft SharePoint CVE-2016-0039 Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

Trend Micro Direct Pass -Persistent Web Vulnerability

Document Title: =============== Trend Micro Direct Pass -Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1712 Release Date: ============= 2016-02-05 Vulnerability Laboratory ID VL-ID: ==================================== 1712...

WordPress Titan Framework < 1.6 Multiple XSS Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to execute a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by convincing...

CVE-2016-1729

Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application...

WordPress 'theme' Parameter Cross Site Scripting Vulnerability (Jan 2016) - Linux

WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress 'theme' Parameter Cross Site Scripting Vulnerability (Jan 2016) - Windows

WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress < 4.4.1 class-wp-theme.php XSS

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.4.1. It is, therefore, affected by a cross-site scripting XSS vulnerability due to improper validation of user-supplied input to the file wp-includes/class-wp-theme.php before...