CVE-2017-9140

The CVE-2017-9140 issue affects Telerik Reporting for ASP.NET WebForms (Telerik.ReportViewer.WebForms.dll) prior to R1 2017 SP2 (11.0.17.406). It is a reflected XSS vulnerability exploitable via the bgColor parameter to Telerik.ReportViewer.axd, allowing attacker-controlled script/HTML execution ...

CVE-2017-9140

Cross-site scripting XSS vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd...

mailerlite.com XSS vulnerability

Open Bug Bounty ID: OBB-157550 Description| Value ---|--- Affected Website:| mailerlite.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

DevExpress ASPxFileManager 10.2 to 13.2.8 - Directory Traversal

Exploit for asp platform in category web applications Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files ...

Directory traversal

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. dot dot in the EVENTARGUMENT parameter...

CVE-2014-2575

The CVE-2014-2575 entry concerns DevExpress ASPxFileManager for WebForms and MVC. A directory traversal vulnerability allows remote authenticated users to read or write arbitrary files by supplying a relative path in __EVENTARGUMENT, affecting DevExpress ASPxFileManager versions up to 13.2.8 (and...

CVE-2014-2575

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. dot dot in the EVENTARGUMENT parameter...

Microsoft Report Viewer Cross Site Scripting

================================================== Cross-Site Scripting XSS in Microsoft ReportViewer Controls Adam Bixby - Gotham Digital Science [email protected] Public Release Date: 8/9/2011 Confirmed Affected Software: Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual...

Debian DSA-2091-1 : squirrelmail - No user-specific token implemented

SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery CSRF attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other...