6714 matches found
D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting
#!/usr/bin/perl Date dd-mm-yyyy: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod URL Filter Developed by Mauricio Corrêa XLabs Information Security WebSite: www.xlabs.com.br CAUTION! This exploit disables some features of the modem, forcing the...
Fortinet FortiAnalyzer 'sql-query' Cross-Site Scripting Vulnerability
Fortinet FortiAnalyzer is a centralized network security reporting solution from the U.S. company Fortinet. The solution is mainly used to collect network log data and, through its reporting suite, to take the security events, network traffic, Web content, etc. in the logs and analyze, report,...
JVN#07538357: EasyCTF vulnerable to cross-site scripting
EasyCTF is a server-side CGI used to score CTF (Capture The Flag) events. EasyCTF contains a cross-site scripting vulnerability (CWE-79) that can be leveraged by an attacker-created account. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software: Update to the late...
[SECURITY] Fedora 21 Update: groovy-sandbox-1.8-1.fc21
This project defines a Groovy CompilationCustomizer, which allows a program to execute Groovy script in a restricted sandbox environment. It is useful for applications that want to provide some degree of scriptability to users, without allowing them to execute System.exit(0) or any other undesirabl...
WordPress Floating Social Bar Plugin HTML Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language, that supports personal blog sites on servers with PHP and MySQL. An HTML injection vulnerability exists in the WordPress Floating Social Bar plugin. This vulnerability allows attackers to...
Group Policy Script Execution From Shared Resource
This is a general-purpose module for exploiting systems with Windows Group Policy configured to load VBS startup/logon scripts from remote locations. This module runs an SMB shared resource that will provide a payload through a VBS file. Startup scripts will be executed with SYSTEM privileges, whi...
Mozilla Thunderbird < 31.6 Multiple Vulnerabilities
The version of Thunderbird installed on the remote Windows host is prior to 31.6. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy...
Multiple Websense Product Data Security Module Page Cross-Site Scripting Vulnerabilities
Websense, Inc. (NASDAQ: WBSN) is the world's leading provider of integrated Web, information and data security protection solutions. Multiple cross-site scripting vulnerabilities exist in the data security module pages of multiple Websense products because the program fails to properly filter user-supplied input. The...
Unspecified Cross-Site Scripting Vulnerability in Multiple Websense Products
Websense, Inc. (NASDAQ: WBSN) is the world's leading provider of integrated Web, information and data security protection solutions. An unspecified cross-site scripting vulnerability exists in multiple Websense products because the program fails to properly filter user-supplied input. The...
Unspecified Cross-Site Scripting Vulnerability in Multiple Websense Product DLP Incidents
Websense, Inc. (NASDAQ: WBSN) is the world's leading provider of integrated Web, information and data security protection solutions. DLP incidents in multiple Websense products contain an unspecified cross-site scripting vulnerability because the program fails to properly filter user-supplied input. T...
Barracuda Networks IM Firewall Cross-Site Scripting Vulnerability
Barracuda Networks IM Firewall is an instant messaging solution from Barracuda Networks that integrates an IM server, client management and security measures. The solution provides keyword identification and reporting, file transfer, IM traffic identification and logging. A cross-site scripting...
Barracuda Networks IM Firewall HTML Injection Vulnerability
Barracuda Networks IM Firewall is an instant messaging solution from Barracuda Networks that integrates an IM server, client management and security measures. The solution provides keyword identification and reporting, file transfer, IM traffic identification and logging. An HTML injection...
Softwebs Nepal Fast Chat 'loginprg.asp' Cross-Site Scripting Vulnerability
Softwebs Nepal Fast Chat is a chat software package developed by the Softwebs Nepal team. A cross-site scripting vulnerability exists in Softwebs Nepal Fast Chat, which arises from the program's failure to adequately filter user-submitted input. When a user browses the affected site, their browser wi...
Drupal Open Legislation module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Open Legislation is one of the open database modules. A cross-site scripting vulnerability exists in the Drupal Open Legislation module, which stems from the program's failure to...
TinyWebGallery Cross-Site Scripting Vulnerability
TinyWebGallery (TWG) is an open source album developed by software developer Michael Dempfle, based on Ajax, PHP and XML. It provides text and image watermarking, slide shows, image uploading and management, and other functions. A cross-site scripting vulnerability exists in TWG that stems fr...
Fumy Teacher's Schedule Board vulnerable to cross-site scripting
Overview: Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Site Documentation Module
Drupal is a developmental CMF (Content Management Framework) written in the PHP language. Multiple cross-site scripting vulnerabilities exist in the Drupal Site Documentation module. Because the application fails to properly filter user-supplied input, an attacker could exploit the vulnerabilities ...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Image Title Module
Drupal is a developmental CMF (Content Management Framework) written in the PHP language. Multiple cross-site scripting vulnerabilities exist in the Drupal Image Title module. Because the application fails to properly filter user-supplied input, an attacker could exploit the vulnerabilities to...
WordPress Plugin Google Analytics by Yoast 'class-admin.php' HTML Injection Vulnerability
WordPress is a blog platform developed in the PHP language; users can set up their own weblog on a server that supports PHP and a MySQL database. An HTML injection vulnerability exists in the WordPress plugin Google Analytics by Yoast 'class-admin.php'. An attacker can exploit the vulnerability to execute...
Cross-site scripting vulnerability in Drupal Webform module
Drupal is a developmental CMF (Content Management Framework) written in the PHP language. A cross-site scripting vulnerability exists in the Drupal Webform module. Because the program fails to properly filter user-supplied text, an attacker can exploit the vulnerability to execute arbitrary script...