18 matches found

Hacker One
added 2023/01/13 2:47 p.m.

U.S. Dept Of Defense: Reflected XSS at ████████

A reflected cross-site scripting (XSS) vulnerability was discovered in the dochelper feature of a certain domain. An attacker could inject a crafted script into the userId parameter, which would execute when the victim user accessed the page, potentially allowing the attacker to steal the victim's...

CVSS 6.1, AI score 5.9, EPSS 0.01028
Exploits: 0
CNVD
added 2022/11/09 12:00 a.m.

Siemens POWER METER SICAM Q100 Session Fixation Vulnerability

The POWER METER SICAM Q100 is a multifunctional device for detecting, reporting and analyzing measured values and events. A session fixation vulnerability exists in the Siemens POWER METER SICAM Q100, which can be exploited by an attacker to gain access to a user's account via an active session...

CVSS 8.8, AI score 8.7, EPSS 0.00489
Exploits: 0, References: 1
NVD
added 2022/05/18 2:15 p.m.

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header, which leads to account takeover. If the user opens the invite link/signup link and then clicks on any external link within the page, the password-set token/signup token is leaked in the Referer header. Using thes...

CVSS 8.8, EPSS 0.01224
Exploits: 1, References: 2
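
The leak in the ToolJet entry depends on which Referrer-Policy applies when the user clicks an outbound link from a page whose URL carries the token. The following is an added example, not ToolJet's code: a small model of the browser's Referrer-Policy rules that answers, for a given page URL, link target and policy, whether the token reaches the external server. The invite URL, hostnames and token value are constructed for the example.

```python
"""Does a secret in an invite/signup URL leak through the Referer header?

Added example (not ToolJet's code). Models the Referrer-Policy values a
practitioner meets most often; URLs and the token are constructed.
"""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit


def _origin(url: str) -> str:
    """scheme://host[:port] with any userinfo removed."""
    parts = urlsplit(url)
    host = parts.netloc.rsplit("@", 1)[-1]
    return f"{parts.scheme}://{host}"


def _strip_for_referer(url: str) -> str:
    """Browsers never send the fragment or userinfo in Referer; the query string does go."""
    parts = urlsplit(url)
    host = parts.netloc.rsplit("@", 1)[-1]
    return urlunsplit((parts.scheme, host, parts.path, parts.query, ""))


def referer_for(page_url: str, target_url: str, policy: str) -> Optional[str]:
    """Referer value (or None) sent when navigating from page_url to target_url
    under the given Referrer-Policy."""
    same_origin = _origin(page_url) == _origin(target_url)
    downgrade = page_url.startswith("https://") and target_url.startswith("http://")
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":        # the old browser default
        return None if downgrade else _strip_for_referer(page_url)
    if policy == "same-origin":
        return _strip_for_referer(page_url) if same_origin else None
    if policy == "origin":
        return _origin(page_url) + "/"
    if policy == "strict-origin-when-cross-origin":   # the current browser default
        if downgrade:
            return None
        return _strip_for_referer(page_url) if same_origin else _origin(page_url) + "/"
    raise ValueError(f"unsupported policy: {policy}")


def token_leaks(page_url: str, target_url: str, policy: str, token: str) -> bool:
    """True if the token string reaches target_url's server via the Referer header."""
    ref = referer_for(page_url, target_url, policy)
    return ref is not None and token in ref


# Constructed invite link of the kind the advisory describes.
INVITE = "https://app.example.com/invitations/accept?token=SECRET123"
EXTERNAL = "https://docs.example.org/help"
```

Under the old default policy the full query string, token included, goes to the external site; under strict-origin-when-cross-origin only the origin does, but the page cannot rely on every client applying that default. The robust fixes are independent of the client: consume the token server-side and redirect to a token-free URL before rendering any page with outbound links, carry the token in the URL fragment (never sent in Referer; client-side script then submits it), and send `Referrer-Policy: no-referrer` on the token-bearing page as defence in depth.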
OSV
added 2022/05/14 3:49 a.m.

GHSA-825G-F3G2-6VXF QuickApps CMS Cross-site Scripting

QuickApps CMS version 2.0.0 is vulnerable to stored cross-site scripting in the user's real name field, resulting in denial of service and performing unauthorised actions with an administrator user's account...

CVSS 5.4, AI score 5.3, EPSS 0.00631
Exploits: 1, References: 4
CNVD
added 2022/03/23 12:00 a.m.

Snapt Aria has an unspecified vulnerability

Snapt Aria is an enterprise ADC solution from Snapt USA that provides a load balancer, web accelerator, web application firewall (WAF), global server load balancer (GSLB), etc. A security vulnerability exists in Snapt Aria v12.8, which could be exploited by an unauthenticated attacker to send emails fr...

CVSS 3.5, AI score 2.7, EPSS 0.0055
Exploits: 1, References: 1
NVD
added 2021/05/27 7:15 p.m.

CVE-2021-33394

CubeCart 6.4.2 allows session fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it into a victim's browser. After the victim logs in, the injected cookie becomes valid, giving the attacker...

CVSS 5.5, EPSS 0.00696
Exploits: 1, References: 2
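
The CubeCart entry describes the whole mechanism: the server accepts whatever session identifier the client presents and keeps it across authentication, so an identifier the attacker planted before login is authenticated after it. The following is an added example, not CubeCart's code: a toy server-side session store with a switch for the one behaviour that matters, issuing a fresh identifier at login. The user name and password are constructed.

```python
"""Session fixation: keeping the pre-login session id versus rotating it at login.

Added example (not CubeCart's code). The credential below is constructed.
"""
import secrets
from typing import Dict, Optional

USERS = {"victim": "correct horse battery staple"}   # constructed credential


class SessionStore:
    def __init__(self, rotate_on_login: bool) -> None:
        self.rotate_on_login = rotate_on_login
        self.sessions: Dict[str, Optional[str]] = {}   # session id -> logged-in user, or None

    def touch(self, cookie: Optional[str]) -> str:
        """Resume the session named by the cookie, or start one.
        Adopting an unknown client-supplied id instead of minting a fresh one is
        what lets an attacker choose the id the victim will carry into login."""
        if cookie is None:
            cookie = secrets.token_urlsafe(32)
        self.sessions.setdefault(cookie, None)
        return cookie

    def login(self, cookie: Optional[str], user: str, password: str) -> Optional[str]:
        """Authenticate; return the session id the Set-Cookie response would carry."""
        if USERS.get(user) != password:
            return None
        sid = self.touch(cookie)
        if self.rotate_on_login:
            # Discard the pre-authentication session and mint a new id, so any id
            # known to a third party before login is worthless afterwards.
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def whoami(self, cookie: str) -> Optional[str]:
        return self.sessions.get(cookie)


def run_fixation_attack(rotate_on_login: bool) -> Optional[str]:
    """Attacker fixes a session id on the victim, victim logs in with it; return
    the user the attacker's copy of that id is now authenticated as (None means
    the attack failed)."""
    store = SessionStore(rotate_on_login)
    attacker_sid = store.touch("attacker-chosen-id")       # planted in the victim's browser
    store.login(attacker_sid, "victim", USERS["victim"])   # victim logs in carrying the planted cookie
    return store.whoami(attacker_sid)
```

Rotating at login is the check to look for in any session implementation (PHP's `session_regenerate_id(true)`, or the framework's equivalent); refusing to adopt identifiers the server never issued closes the planting step as well, and `Secure`, `HttpOnly` and `SameSite` cookie attributes limit how the attacker can plant one.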
Veracode
added 2020/09/21 6:27 a.m.

Privilege Escalation

Firefox is vulnerable to privilege escalation. A malicious extension is able to call browser.identity.launchWebAuthFlow and control the redirect_uri. Subsequently, the auth code can be retrieved and access to the user's account is obtained...

CVSS 9.8, AI score 3.8, EPSS 0.01612
Exploits: 0, References: 2, Affected software: 4
AlpineLinux
added 2020/04/24 3:53 p.m.

CVE-2020-6823

A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...

CVSS 9.8, AI score 9, EPSS 0.01612
Exploits: 0
RedhatCVE
added 2020/04/14 7:35 a.m.

CVE-2020-6823

A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...

CVSS 9.8, AI score 3.9, EPSS 0.01612
Exploits: 0, References: 3
Cvelist
added 2020/01/13 6:58 p.m.

CVE-2020-6949

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account...

AI score 9, EPSS 0.01281
Exploits: 1, References: 1
Cvelist
added 2019/11/12 6:49 p.m.

CVE-2010-3359

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account...

AI score 5.1, EPSS 0.00302
Exploits: 0, References: 1
Cvelist
added 2019/10/17 7:06 p.m.

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

AI score 7.7, EPSS 0.00344
Exploits: 1, References: 2
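
The gargoyle and GNU Guix entries are the same class of local bug: a directory another user controls ends up on a trusted lookup path. In the gargoyle case an unset LD_LIBRARY_PATH turns into an empty element (":/libs"), which the dynamic loader resolves as the current directory; in the Guix case the parent of the per-user profile directories is world writable, so any local user can replace a neighbour's profile. The following is an added example, not code from either project: two checks a practitioner can run, with the shell pattern assumed to be `LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/libs` and the directory layout constructed in a temporary directory.

```python
"""Path-trust checks for the gargoyle (LD_LIBRARY_PATH) and Guix (world-writable
parent) entries. Added example, not code from either project; the /opt paths
and the temporary directory layout are constructed for the example.
"""
import os
import stat
import tempfile
from pathlib import Path
from typing import List, Optional


def ld_path_problems(value: str) -> List[str]:
    """Entries of an LD_LIBRARY_PATH-style value that the dynamic loader resolves
    relative to the current working directory: empty elements (a leading,
    trailing or doubled ':') and relative paths. An entirely empty value is
    ignored by the loader and reports nothing."""
    if value == "":
        return []
    return [e for e in value.split(":") if e == "" or not e.startswith("/")]


def prepend_lib_dir(existing: Optional[str], lib_dir: str) -> str:
    """Build lib_dir[:existing] without producing an empty element when the
    variable was unset or empty (the assumed bug pattern LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/libs
    yields ':/libs' in that case)."""
    return lib_dir if not existing else f"{lib_dir}:{existing}"


def world_writable_ancestors(path: str, stop_at: str) -> List[str]:
    """Directories from `path` up to and including `stop_at` that any local user
    can write to without the sticky bit, i.e. where another user could rename or
    replace the per-user directory beneath them."""
    found = []
    top = Path(stop_at).resolve()
    p = Path(path).resolve()
    for d in [p, *p.parents]:
        mode = os.stat(d).st_mode
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            found.append(str(d))
        if d == top:
            break
    return found


def demo_profile_tree() -> List[str]:
    """Constructed layout: <tmp>/profiles (0777, no sticky bit) holding
    <tmp>/profiles/alice (0755). Returns the offending directories relative to <tmp>."""
    base = tempfile.mkdtemp()          # created 0700, so it is not flagged itself
    profiles = os.path.join(base, "profiles")
    alice = os.path.join(profiles, "alice")
    os.makedirs(alice)
    os.chmod(profiles, 0o777)
    os.chmod(alice, 0o755)
    return [os.path.relpath(d, base) for d in world_writable_ancestors(alice, base)]
```

In a launcher script the safe form of the prepend is `LD_LIBRARY_PATH=/opt/gargoyle/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`, which only adds the colon when the variable is already non-empty. The directory check is a point-in-time audit, not a runtime guard: the fix for the Guix-style issue is to make the parent directory root-owned and non-world-writable (or sticky and with per-user directories owned by their users), since a program cannot safely re-check permissions and then use the path.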
Prion
added 2018/01/03 2:29 p.m.

Cross site scripting

QuickApps CMS version 2.0.0 is vulnerable to stored cross-site scripting in the user's real name field, resulting in denial of service and performing unauthorised actions with an administrator user's account...

CVSS 3.5, AI score 5.4, EPSS 0.00631
Exploits: 1, References: 1, Affected software: 1
Hacker One
added 2017/02/25 10:07 p.m.

X (Formerly Twitter): [URGENT] Opportunity to publish tweets on any twitters account

The reporter discovered a flaw in the handling of Twitter Ads Studio requests which allowed an attacker to tweet as any user. By sharing media with a victim user and then modifying the POST request with the victim's account ID, the media in question would be posted from the victim's account. This...

AI score 6.7
Exploits: 0
securityvulns
added 2014/12/29 12:00 a.m.

Samsung SyncThru Web Service unauthenticated access

User's account is not checked...

AI score 3.6
Exploits: 0, References: 1
OpenVAS
added 2010/08/19 12:00 a.m.

phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities

This host is installed with phpCAS and is prone to session hijacking and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbphpcassessionhijacknxssvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities Authors: Madhuri...

CVSS 4, AI score 0.3, EPSS 0.02517
Exploits: 0, References: 4
Packet Storm
added 2008/03/26 12:00 a.m.

blackboard-xss.txt

Note: The full version of this report in PDF format is available at my blog: http://www.secskill.wordpress.com or at http://www.scribd.com/doc/2363025/Blackboard-Academic-Suite-Multiple-XSS-Vulnerabilities-...

AI score 7.4
Exploits: 0
securityvulns
added 2002/06/01 12:00 a.m.

File system access in imap-uw

By design it's possible to access any file readable by the user's account...

AI score 3
Exploits: 0, References: 1, Affected software: 1