Atlassian Universal Plugin Manager Cross-Site Scripting Vulnerability

Atlassian Universal Plugin Manager is a set of tools from Atlassian Australia for managing add-ons in Atlassian applications. A cross-site scripting vulnerability exists in the NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager versions prior to 2.22.9. A remote...

ManageEngine Recovery Manager Plus 5.3 Cross Site Scripting

Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GAREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330 Platform: Java Tested on: Windows CVE: CVE-2018-9163 1. DETAI...

FortiCloud XSS vulnerability in on-demand sandbox GUI

Before Dec 5th, 2017, a Cross-Site-Scripting XSS vulnerability in forticloud.com on-demand sandbox GUI may have allowed an authenticated user to inject arbitrary web code or HTML in the context of the victim's browser via the upload of a maliciously crafted file...

The Rise of Super-Stealthy Digitally Signed Malware—Thanks to the Dark Web

Guess what's more expensive than counterfeit United States passports, stolen credit cards and even guns on the dark web? It's digital code signing certificates. A recent study conducted by the Cyber Security Research Institute CSRI this week revealed that stolen digital code-signing certificates...

tianchoy/blog Arbitrary File Upload Vulnerability

tianchoy/blog is a Chinese software developer Tian Chao developed a single-user blog creation program . A security vulnerability exists in the upload.php file in tianchoy/blog 2017-09-12 and earlier versions. A remote attacker can exploit this vulnerability to upload arbitrary files and execute P...

Splunk Enterprise and Splunk Light Web Cross-Site Scripting Vulnerabilities

Splunk is a suite of data collection and analysis software. The software is primarily used to collect, index and analyze machine-generated data, including data generated by all IT systems and infrastructure. A cross-site scripting vulnerability exists in Splunk Enterprise and Splunk Light in the...

HTMLToNuke Cross-Site Scripting Vulnerabilty

No description provided by source. source: http://www.securityfocus.com/bid/8174/info A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable...

CVE-2011-5108

Cross-site scripting XSS vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Action Network(DVbbs) Ver 8.3.0 multiple cross-site vulnerabilities-vulnerability warning-the black bar safety net

Dynamic network Forum as currently domestic maximum of Community Forum software service provider, relies on its powerful of features, phenomenal access speed and load capacity, and friendly convenient of customer operation interface, quality customer service, leading technology and strong and...

Debian Security Advisory DSA 1724-1 (moodle)

The remote host is missing an update to moodle announced via advisory DSA 1724-1. OpenVAS Vulnerability Test $Id: deb17241.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1724-1 moodle Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Debian DSA-1724-1 : moodle - several vulnerabilities

Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0500 It was discovered that the information stored in the log tables was not properly sanitized, which could...

[SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1724-1 [email protected] http://www.debian.org/security/ Steffen Joeris February 13th, 2009 http://www.debian.org/security/faq -...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the 1 s parameter to index.php, and the 2 q parameter to a faq.php, b member.php, c memberlist.php, d calendar.php, e search.php, f forumdisplay.php, g...

CVE-2007-4453

Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the 1 s parameter to index.php, and the 2 q parameter to a faq.php, b member.php, c memberlist.php, d calendar.php, e search.php, f forumdisplay.php, g...

CVE-2007-4453

CVE-2007-4453 affects vBulletin 3.6.8 and involves multiple reflected XSS vulnerabilities in PHP pages. The issue allows an attacker to inject arbitrary HTML/JS via the s parameter to index.php and the q parameter to files including faq.php, member.php, memberlist.php, calendar.php, search.php, f...

HTMLToNuke - Cross-Site Scripting

source: https://www.securityfocus.com/bid/8174/info A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable script...

CVE-2002-0687

Zope Server DoS via header injection (CVE-2002-0687) affects Zope versions 2.0 through 2.5.1 beta 1, where the "through the web code" capability allows untrusted users to crash the server by injecting malicious headers into a response. The connected advisories (GHSA-vwrc-g9q6-f675 and OSV) descri...