
7973 matches found

Cvelist
added 2017/04/02 1:36 a.m. | 19 views

CVE-2017-2453

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site...

AI score: 6.2 | EPSS: 0.00367
Exploits: 0 | References: 4
OSV
added 2017/03/31 6:59 p.m. | 3 views

CVE-2016-6036

IBM Rational Quality Manager RQM 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Referenc...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00227
Exploits: 0 | References: 2
OSV
added 2017/03/31 6:59 p.m. | 2 views

CVE-2016-9990

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998824...

CVSS: 6.1 | AI score: 5.4
Exploits: 0 | References: 3
ATTACKERKB
added 2017/03/30 2:59 p.m. | 2 views

CVE-2016-7542

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API, and may therefore be able to crack them...

CVSS: 4.9 | AI score: 5.5 | EPSS: 0.00319
Exploits: 0 | References: 4
OSV
added 2017/03/30 2:59 p.m. | 4 views

CVE-2016-7542

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API, and may therefore be able to crack them...

CVSS: 4.9 | AI score: 5.8 | EPSS: 0.00319
Exploits: 0 | References: 3
Citrix
added 2017/03/30 12:0 a.m. | 6 views

Concepts, Entities and Terms used for nFactor Authentication through NetScaler

nFactor is the new authentication framework that allows an administrator to configure complex authentication scenarios fairly easily. It reduces complexity through flexible and extensible authentication mechanisms. This framework could be used to configure all the authentication modes currently...

AI score: 7.3
Exploits: 0
Tenable Nessus
added 2017/03/29 12:0 a.m. | 57 views

Cisco IOS XE Web User Interface DoS (cisco-sa-20170322-webui)

According to its self-reported version, the Cisco IOS XE software running on the remote device is affected by a denial of service vulnerability in the web user interface due to insufficient resource handling. An unauthenticated, remote attacker can exploit this issue, by sending a high number of...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00859
Exploits: 0 | References: 3
NVD
added 2017/03/28 2:59 a.m. | 12 views

CVE-2016-9130

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The website name wasn't properly escaped when displayed in the campaign-zone.php script...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00267
Exploits: 0 | References: 2
Prion
added 2017/03/28 2:59 a.m. | 8 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

CVSS: 3.5 | AI score: 6.2 | EPSS: 0.00317
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2017/03/28 2:59 a.m. | 9 views

Cross site request forgery (csrf)

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery CSRF. A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: www/admin/banner-acl.php, www/admin/banner-activate.php, www/admin/banner-advanced.php, www/admin/banner-modify.php,...

CVSS: 6.8 | AI score: 7 | EPSS: 0.00134
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2017/03/28 2:59 a.m. | 11 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

CVSS: 5.4 | AI score: 6
Exploits: 0 | References: 3
Prion
added 2017/03/28 2:59 a.m. | 10 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The website name wasn't properly escaped when displayed in the campaign-zone.php script...

CVSS: 3.5 | AI score: 6.2 | EPSS: 0.00267
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2017/03/28 2:59 a.m. | 9 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00317
Exploits: 0 | References: 3
Cvelist
added 2017/03/28 2:46 a.m. | 17 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

AI score: 5.7 | EPSS: 0.00317
Exploits: 0 | References: 3
CNVD
added 2017/03/28 12:0 a.m. | 1 view

Unspecified Cross-Site Scripting Vulnerability in IBM TRIRIGA Application Platform

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00227
Exploits: 0 | References: 1
Hacker One
added 2017/03/27 4:26 p.m. | 19 views

GitLab: Unfiltered `class` attribute in markdown code

This affects merge request/issue comments and probably other parts of the user interface. I am demonstrating PoCs on GitLab.com itself, as they don't affect anything outside of my test repo, which is private. It could be used to execute some js actions by constructing content that uses the...

AI score: 0.4
Exploits: 0
OpenVAS
added 2017/03/23 12:0 a.m. | 18 views

Cisco IOS XE Software Web User Interface Denial of Service Vulnerability

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00859
Exploits: 0 | References: 1
OSV
added 2017/03/22 7:59 p.m. | 3 views

CVE-2017-3856

A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. A...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 3
CVE
added 2017/03/22 7:0 p.m. | 79 views

CVE-2017-3856

Cisco IOS XE Web UI Denial of Service (CVE-2017-3856) affects IOS XE releases 3.1–3.17 when the web UI is enabled. The root cause is insufficient resource handling under high HTTP load, allowing an unauthenticated, remote attacker to cause a device reload by flooding the web UI with requests. Imp...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00859
Exploits: 0 | References: 3 | Affected Software: 1
Cisco
added 2017/03/22 4:0 p.m. | 33 views

Cisco IOS XE Software Web User Interface Denial of Service Vulnerability

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attack...

CVSS: 8.6 | AI score: 7.7 | EPSS: 0.00859
Exploits: 0 | References: 1