CVE-2016-5099

Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVE-2016-5099

Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

Cross site scripting

Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVE-2016-5099

Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

CVE-2016-5099

CVE-2016-5099 pertains to a cross-site scripting (XSS) vulnerability in phpMyAdmin. The issue affects phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2, allowing remote attackers to inject arbitrary web script or HTML via characters mishandled during double URL decoding. Public advisories i...

CVE-2016-5099

Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

V8 browser kernel vulnerability, which allows a hacker to obtain confidential information

The vulnerability of the uri.js component in the V8 browser kernel arises from the use of an incorrect array type. Exploiting this vulnerability may allow a remote attacker to obtain confidential information by calling the URL decoding function...

Design/Logic Flaw

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

CVE-2016-2785

CVE-2016-2785 affects Puppet Server prior to 2.3.2, Ruby puppetmaster in Puppet 4.x prior to 4.4.2, and Puppet Agent prior to 1.4.2. The issue allows remote attackers to bypass auth.conf access restrictions by exploiting incorrect URL decoding. Affected components include Puppet Server, Puppet Ma...

Puppet Improper Access Control

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

Slack: Link vulnerability leads to phishing attacks

Hello Guys, Hope you are doing great. I'm sending this email to let you know about a vulnerability i stumbled upon while using slack it's a great app!. While copy-pasting a link from a pdf to slack desktop/web, i noticed that the resulting links looked a bit messed up 1.png Firing up burp and...

APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address the following: Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite...

AdaptCMS 2.0.4 (config.php, question parameter) SQL Injection Vulnerability

No description provided by source. Exploit Title: AdaptCMS = 2.0.4 SQL Injection vulnerability Date: 26/10/2012 Exploit Author: Kallimero Vendor Homepage: http://www.adaptcms.com/ Software Link: http://www.insanevisions.com/page/3/Downloads/ Version: 2.0.4 Tested on: Debian Introduction...

PhpBB viewtopic.php URL Decoding Code Execution - Ver2 (CVE-2004-1315)

A code execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause...

phpBB viewtopic.php URL Decoding Code Execution - ver 2 (CVE-2004-1315)

A code injection and execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic.php. A remote attacker can exploit this issue by injecting malicious SQL code to the target server. Successful exploitatio...