6714 matches found
TP-Link Archer CR-700 - Cross-Site Scripting
Exploit Title: TP-Link Archer CR-700 XSS vulnerability; Google Dork: N/A; Date: 09/07/2016; Exploit Author: Ayushman Dutta; Vendor Homepage: http://www.tp-link.us/; Software Link: N/A; Version: 1.0.6 REQUIRED; Tested on: Linux; CVE: N/A; Exploit Information:...
Kerio Control Cross-Site Request Forgery Vulnerability
Kerio Control is a simple and fast unified threat management system. Cross-site request forgery vulnerabilities in Kerio Control version 9.1.3 can be exploited by an attacker to execute arbitrary script code in the context of an affected site, steal cookie-based authentication, disclose sensitive...
Kerio Control Information Disclosure Vulnerability
Kerio Control is a simple and fast unified threat management system. Information disclosure vulnerabilities in Kerio Control version 9.1.3 can be exploited by attackers to execute arbitrary script code in the context of an affected site, steal cookie-based authentication, disclose sensitive...
b2evolution HTML injection vulnerability (CNVD-2016-07942)
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. An HTML injection vulnerability exists in b2evolution 6.7.5 and earlier versions, which stems from the program's failure to adequately filter user-submitted input. When a user browses the...
Multiple Stored Cross-Site Scripting Vulnerabilities in BINOM3 Electric Power Quality Meter
The BINOM3 Electric Power Quality Meter is a universal multifunctional power quality monitor. BINOM3 Electric Power Quality Meter suffers from multiple stored cross-site scripting vulnerabilities. Attacks that allow authentication by injecting arbitrary JavaScript into specific input fields,...
Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
Overview: Splunk Enterprise and Splunk Light contain a cross-site scripting vulnerability (CWE-79). Note that this vulnerability is different from JVN71462075. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Stored Cross-Site Scripting Vulnerability in Knight CMS Version 3.7
Knight CMS Talent System is a professional talent system based on PHP+MYSQL. A stored cross-site scripting vulnerability exists in Knight CMS version 3.7. Because the editor in KindEditor version 4.1.10 fails to filter input content, an attacker can exploit the vulnerability to execute arbitrary...
IBM UrbanCode Deploy Cross-Site Scripting Vulnerability
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
ZKTeco ZKAccess Security System 5.3.1 - stored XSS
Application description: ZKAccess systems are built on flexible, open technology to provide management, real-time monitoring and control of your access control changes, access via a browser, without the need to install additional software. Security infrastructure devices centralized management,...
Multiple HTML Injection Vulnerabilities in Red Hat JBoss BPMS
Red Hat JBoss BPMS is a business process management platform from Red Hat that combines all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation, and business process monitoring. Red Hat JBoss BPMS has multiple HTML injection vulnerabilities th...
WordPress Cross-Site Scripting Vulnerability (CNVD-2016-07454)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress suffers from a directory traversal vulnerability. Because the program fails to adequately filter...
OwnCloud 'Download Log' Functionality Cross-Site Scripting Vulnerability
OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. A cross-site scripting vulnerability exists in OwnCloud 'Download Log' Functionality due to the program failing to properly filt...
IBM Cúram Social Program Management Cross-Site Scripting Vulnerability
IBM Cúram Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Cúram Social Program Management that could be exploited by an attacker to...
OwnCloud Gallery Application HTML Injection Vulnerability
OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. An HTML injection vulnerability exists in the OwnCloud Gallery Application, which could be exploited by an attacker to steal...
TYPO3 'mso/idna-convert' Library Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 'mso/idna-convert'. Because the program fails to filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary...
TYPO3 'data:' URL Scheme Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3. Because the program fails to properly filter user-supplied input, an attacker may be able to exploit the vulnerability to execute arbitrary...
WordPress plugin Border Loading Bar cross-site scripting vulnerability (CNVD-2016-07111)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress plugin Border Loading Bar allows attackers to exploit t...
WordPress plugin Border Loading Bar cross-site scripting vulnerability (CNVD-2016-07112)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress plugin Border Loading Bar allows attackers to exploit t...
SAP NetWeaver SAPSTARTSRV Remote Buffer Overflow Vulnerability
SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. A remote buffer overflow vulnerability exists in SAP NetWeaver SAPSTARTSRV due to the program failing to adequately filter the bounds-check parameter. An...
Novell GroupWise Cross-Site Scripting Vulnerability
Novell GroupWise is a cross-platform collaboration software. A cross-site scripting vulnerability exists in Novell GroupWise 2014 SP1, 2014 R2, and 2014 releases that stems from the program failing to adequately filter user-submitted input. An attacker could be allowed to exploit the vulnerabilit...