
6714 matches found

CNVD
added 2015/11/19 12:0 a.m. | 2 views

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2015-07734)

Adobe ColdFusion is a dynamic Web server; its CFML is a programming language, similar to the current JSP in the JSTL. A cross-site scripting vulnerability exists in Adobe ColdFusion. The program fails to adequately filter user-supplied input, allowing remote attackers to execute arbitrary scrip...

4.3 CVSS | 6.7 AI score | 0.03119 EPSS
Exploits: 0 | References: 1

0day.today
added 2015/11/14 12:0 a.m. | 582 views

b374k 3.2.3 2.8 CSRF / Command Injection Vulnerabilities

b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection. Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/...

7.6 AI score
Exploits: 0

CNVD
added 2015/11/11 12:0 a.m. | 3 views

TYPO3 News system extension cross-site scripting vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the TYPO3 Association in Switzerland. news system news is one of the extension components that provides press release functionality. A cross-site scripting vulnerability exists in TYPO3 News system extension...

6.7 AI score
Exploits: 0 | References: 1

Kaspersky
added 2015/11/03 12:0 a.m. | 82 views

KLA10689 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilitie...

9.8 CVSS | 10 AI score | 0.10238 EPSS
Exploits: 0 | References: 4

Mozilla
added 2015/11/03 12:0 a.m. | 31 views

Disabling scripts in Add-on SDK panels has no effect — Mozilla

Add-on authors Jason Hamilton and Peter Arremann with AMO editor Sylvain Giroux reported a vulnerability when a panel is created using the Add-on SDK in a browser extension. Defining a panel with script: false is supposed to disable script execution but it was found that inline script would still...

4.3 CVSS | 8.8 AI score | 0.01889 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2015/10/21 12:0 a.m. | 3 views

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 allows a hacker to redirect users to a malicious website.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 allows a malicious actor to execute a script within the context of the current user’s security, using a specially created website...

6.8 CVSS | 5.6 AI score | 0.0596 EPSS
Exploits: 4 | References: 4

CNVD
added 2015/10/15 12:0 a.m. | 4 views

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2015-06635)

Microsoft SharePoint Server and SharePoint Foundation are both business collaboration platforms from Microsoft Corporation. A cross-site scripting vulnerability exists in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1. A remote attacker can exploit this vulnerability to...

3.5 CVSS | 6.2 AI score | 0.09061 EPSS
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2015/10/09 5:12 a.m. | 2 views

Dojo Toolkit vulnerable to cross-site scripting

Overview Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3 CVSS | 6 AI score | 0.02224 EPSS
Exploits: 0 | References: 5

CNVD
added 2015/10/08 12:0 a.m. | 2 views

Splunk cross-site scripting vulnerability (CNVD-2015-06482)

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. A cross-site scripting vulnerability exists in Splunk versions 6.2.6 prior to 6.2.0, which can be exploited by an attacker to execute arbitrary script code, steal cookie-based authentication and...

6.7 AI score
Exploits: 0 | References: 1

Packet Storm
added 2015/09/25 12:0 a.m. | 34 views

4images 1.7.11 Cross Site Scripting

============================================= MGC ALERT 2015-001 - Original release date: September 08, 2015 - Last revised: September 24, 2015 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I. VULNERABILITY...

0.1 AI score
Exploits: 0

Ubuntu
added 2015/09/22 10:8 p.m. | 67 views

USN-2743-1: Firefox vulnerabilities

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...

9.3 CVSS | 9.1 AI score | 0.0608 EPSS
Exploits: 0

0day.today
added 2015/09/22 12:0 a.m. | 31 views

Kirby CMS 2.1.0 - CSRF Content Upload and PHP Script Execution Vulnerability

Exploit for php platform in category web applications ============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby CMS = 2.1.0 CSRF Content...

7.1 AI score
Exploits: 0

Exploit DB
added 2015/09/22 12:0 a.m. | 33 views

Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution

============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby CMS = 2.1.0 CSRF Content Upload and PHP Script Execution II. BACKGROUND...

7 AI score
Exploits: 0

myhack58
added 2015/09/10 12:0 a.m. | 61 views

Kirby CMS multi-vulnerability analysis-vulnerability warning-the black bar safety net

Kirby CMS is an easy-to-use, easy-to-install and very flexible CMS that needs no database and uses file system storage. It supports Markdown syntax, templates and plug-ins. Vulnerability details: two vulnerabilities were found in Kirby CMS: 1. Authentication bypass via path traversal 2. Th...

Exploits: 0

Symantec
added 2015/09/08 12:0 a.m. | 29 views

Microsoft Exchange Server CVE-2015-2543 Spoofing Vulnerability

Description Microsoft Exchange Server is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. The following versions are affected:...

4.3 CVSS | 0.3 AI score | 0.09483 EPSS
Exploits: 0 | Affected Software: 1

OpenVAS
added 2015/09/08 12:0 a.m. | 52 views

Amazon Linux: Security Advisory (ALAS-2014-388)

The remote host is missing an update for the...

6.8 CVSS | 6.5 AI score | 0.85744 EPSS
Exploits: 5 | References: 2

Japan Vulnerability Notes
added 2015/09/04 9:13 a.m. | 3 views

OpenDocMan vulnerable to cross-site scripting

Overview OpenDocMan is a document management system DMS. OpenDocMan contains a cross-site scripting vulnerability due to a processing flaw in the "redirection" parameter. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

4.3 CVSS | 5.9 AI score | 0.22244 EPSS
Exploits: 0 | References: 5

Japan Vulnerability Notes
added 2015/09/03 6:0 a.m. | 1 views

BBS X102 vulnerable to cross-site scripting

Overview BBS X102 provided by guide-park.com is a bulletin board software. BBS X102 contains a cross-site scripting vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on May 26, 2015, it was judged that an advisory for this vulnerabili...

5 CVSS | 6.2 AI score | 0.0095 EPSS
Exploits: 0 | References: 4

Japan Vulnerability Notes
added 2015/09/03 5:46 a.m. | 2 views

hitSuji (rktSNS2) vulnerable to cross-site scripting

Overview hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on May 26, 2015, it was judged that an advisory for this...

4.3 CVSS | 6.2 AI score | 0.0095 EPSS
Exploits: 0 | References: 4

Japan Vulnerability Notes
added 2015/09/03 12:0 a.m. | 60 views

JVN#24692261: hitSuji (rktSNS2) vulnerable to cross-site scripting

hitSuji rktSNS2 provided by rakuto.net is an open source SNS software. hitSuji rktSNS2 contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Consider stopping use of hitSuji rktSNS2 0.2.2b. Since the developer was unreachable,...

4.3 CVSS | 6.1 AI score | 0.0095 EPSS
Exploits: 0