22 matches found
GHSA-HG35-VQP3-FV39 ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
A number of classes, primarily within the Zend_Form, Zend_Filter, Zend_Form, Zend_Log and Zend_View components, contained character encoding inconsistencies whereby calls to the htmlspecialchars() and htmlentities() functions used undefined or hard-coded charset parameters. In many of these cases develope...
RHCOS 4 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. - golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 - kube-apiserver: Bypassing policies imposed by the...
GHSA-MRVJ-7Q4F-5P42 Cross-site scripting in eZ Platform Kernel
Impact: In file upload it is possible by certain means to upload files like .html and .js. These may contain XSS exploits which will be run when links to them are accessed by victims. Patches: The fix consists simply of adding common types of scriptable file types to the configuration of the alread...
CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS
When saving a new campaign, a user with edit_pages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. PoC: A user with the edit_pages capability can store any script in the pop-up's content. The content is serialized and then...
e107 2 Bootstrap CMS - Cross-Site Scripting
alert(String.fromCharCode(88, 83, 83)) or "alert(document.cookie) ======== Credits: ======== Vulnerability found and advisory written by Ahmet Agar. =========== References: =========== http://www.0x97.info htts://twitter.com/HacKingZ...
zenphoto 1.4.3.3 - Multiple Vulnerabilities
No description provided by source. waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind waraxe Date: 03. November 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html...
[SpearPhisher] A Simple Phishing Email Generation Tool
SpearPhisher is a simple point and click Windows GUI tool designed for mostly non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending...
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web:...
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities
waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html Description of vulnerable...
Zenphoto 1.4.3.3 Multiple Vulnerabilities
Exploit for php platform in category web applications Multiple Vulnerabilities in Zenphoto 1.4.3.3 Author: Janek Vind "waraxe" Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html Description of vulnerable software: Zenphoto is a standalone CMS for multimedia focused websites. Our...
phpcms v9.1.15 SQL and XSS exploits - vulnerability warning - the black bar safety net
phpcms v9.1.15. The official demo site has been updated to 9.1.16: http://v9.demo.phpcms.cn/ XSS: public function public_get_suggest_keyword() { $url = $_GET['url'].'&q='.$_GET['q']; echo $url; $res = @file_get_contents($url); if(CHARSET != 'gbk') { $res = iconv('gbk', CHARSET, $res); } echo $res; } Use method:...
IFOBS Cross Site Request Forgery / Cross Site Scripting
Hello list! I want to warn you about Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in system IFOBS. IFOBS - it's Internet-banking system, which is widespread and particularly it's used by large number of Ukrainian banks. These are the next 35 vulnerabilities in IFOBS: 1 CSRF...
Zomplog CMS 3.9 Cross Site Request Forgery / Cross Site Scripting
Date: Sun 15 Aug 2010 04:33:33 PM EEST Vendor: http://www.zomp.nl/zomplog/ Download: http://www.zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip --- -= CSRF PoC 1 - Change Admin Password =- Zomplog CMS 3.9 Multiple XSS/CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User...
SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2007:019
Check for the Version of MozillaFirefox,seamonkey OpenVAS Vulnerability Test $Id: gbsuse2007019.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2007:019 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
SuSE Update for mozilla,MozillaThunderbird,seamonkey SUSE-SA:2007:022
Check for the Version of mozilla,MozillaThunderbird,seamonkey OpenVAS Vulnerability Test $Id: gbsuse2007022.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for mozilla,MozillaThunderbird,seamonkey SUSE-SA:2007:022 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks...
SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)
This update brings Mozilla Firefox to security update version 1.5.0.10. - As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs were fixed to improve the stability of the browser. Some of these were crashes that showed evidence of memory corruption and we presume that with enou...
openSUSE 10 Security Update : seamonkey (seamonkey-2811)
This security update brings Mozilla SeaMonkey to version 1.0.8. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)
This update brings Mozilla Firefox to security update version 1.5.0.10. - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs were fixed to improve the stability of the browser. Some of these were crashes that showed evidence of memory corruption and we presume...
openSUSE 10 Security Update : seamonkey (seamonkey-2691)
This security update brings Mozilla SeaMonkey to version 1.1.1. http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs wer...
securityXSS.txt
Hello, several security vendors still don't know how to filter html in their custom search engines. http://cybertrust.com/cgi-bin/htsearch?words=%3C%2Ftitle%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E http://www.pandasoftware.com/com/virusinfo/encyclopedia/results.aspx?termino=&tipoBusqueda=vi...