25 matches found
EUVD-2013-4473
Malware in sbrugna...
EUVD-2013-4480
Malware in sbrugna...
Siemens SCALANCE XCM-/XRM-300
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-45130
Frontier (Substrate’s Ethereum compatibility layer) has a CVE-2023-45130 issue where, prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, invoking opcode SUICIDE on a contract that has large storage can trigger a single IO call across the WebAssembly boundary to remove all storages, potenti...
CVE-2023-45130 Frontier opcode SUICIDE touches too many storage values on large contracts
Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses storage::remove_prefix (now renamed to storage::clear_prefix) to remove all storage...
XCMS v1.83 - Remote Command Execution (RCE)
Exploit Title: XCMS v1.83 - Remote Command Execution (RCE) Author: Onurcan Email: [email protected] Site: ihteam.net Script Download: http://www.xcms.it Date: 26/12/2022 The xcms's footer that is in "/dati/generali/footer.dtb" is included in each page of the xcms. Taking "home.php" for example...
CVE-2013-4624
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName,...
CVE-2013-3920
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field...
CVE-2013-4617
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName,...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field...
Design/Logic Flaw
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2013-3920
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field...
CVE-2013-3920
CVE-2013-3920: Jahia xCM before 6.6.2 contains an XSS vulnerability allowing remote authenticated users to inject arbitrary script or HTML via the about me field. CVE-2013-4617: Jahia xCM before 6.6.2 does not set the HTTPOnly flag on the JSESSIONID cookie, enabling potential script access to the...
CVE-2013-4624
CVE-2013-4624 concerns Jahia xCM 6.6.1.0 prior to hotfix 7. Multiple XSS vulnerabilities arise from insufficient sanitisation of user input in several vectors: (1) site parameter to engines/manager.jsp, (2) searchString parameter to administration/?do=users&sub=search, and (3) POST fields usernam...
CVE-2013-4617
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2013-4624
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName,...
CVE-2013-4617
CVE-2013-4617 affects Jahia xCM prior to 6.6.2. The issue is that the Set-Cookie header for the JSESSIONID cookie does not use the HTTPOnly flag, which can allow remote attackers to access the cookie via client-side scripts and potentially expose sensitive information. The provided documents conf...
Multiple XSS Vulnerabilities in Jahia xCM
Advisory ID: HTB23159 Product: Jahia xCM Vendor: Jahia Solutions Group SA Vulnerable Versions: 6.6.1.0 r43343 and probably prior Tested Version: 6.6.1.0 r43343 Vendor Notification: June 5, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: Cross-Site Scripting...
Jahia xCM 6.6.1.0 r43343 Cross Site Scripting
Advisory ID: HTB23159 Product: Jahia xCM Vendor: Jahia Solutions Group SA Vulnerable Versions: 6.6.1.0 r43343 and probably prior Tested Version: 6.6.1.0 r43343 Vendor Notification: June 5, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: Cross-Site Scripting...