what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 43 RSS Feed

Files

jQuery 1.0.3 Cross Site Scripting
Posted Apr 14, 2021
Authored by Central Infosec

jQuery version 1.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-11023
SHA-256 | 7ff5c0bf22409a30bef573c9e5485eb91fec6fb5647f3807595a866b12f17491

Related Files

Ubuntu Security Notice USN-6419-1
Posted Oct 5, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6419-1 - Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. A remote attacker could possibly use this issue to perform a cross-site scripting attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Esben Sparre Andreasen discovered that jQuery UI did not properly handle values from untrusted sources in the Datepicker widget. A remote attacker could possibly use this issue to perform a cross-site scripting attack and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

tags | advisory, remote, web, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2016-7103, CVE-2021-41184, CVE-2022-31160
SHA-256 | 05388b73a403c354a99e6e89119bc4f5977a6dc6cffe23761717eab763f7e15d
WordPress Kero jQuery/HTML Dashboard PRO 2.3.86 SQL Injection
Posted Jun 20, 2023
Authored by indoushka

WordPress Kero jQuery/HTML Dashboard PRO theme version 2.3.86 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 6cda9daa7754508e66d5e8c79b545e8844499bf4bd6fe4ad860ff7905e41504b
jQuery 1.2 Cross Site Scripting
Posted Apr 14, 2021
Authored by Central Infosec

jQuery version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-11022
SHA-256 | e46a9bcd5c68212173c90bfe7a472e62486ceae0b3bc203dd6d56f46c93fd2a6
Linksys EA7500 2.0.8.194281 Cross Site Scripting
Posted Mar 25, 2021
Authored by MiningOmerta

Linksys EA7500 version 2.0.8.194281 suffers from a cross site scripting vulnerability due to an old jQuery version.

tags | exploit, xss
advisories | CVE-2012-6708
SHA-256 | ed64587e6af38672498f31d0fd4d09d6a672715c905304f9cc64acecea858861
WordPress Delightful Downloads Jquery File Tree 1.6.6 Path Traversal
Posted Mar 22, 2021
Authored by Nicholas Ferreira

WordPress Delightful Downloads Jquery File Tree plugin versions 1.6.6 and below path traversal exploit.

tags | exploit, file inclusion
advisories | CVE-2017-1000170
SHA-256 | 55dc77f809d56b8b5aa14205f75e1428b5c479b4e6d09486ba4219db69b108dd
jQuery UI 1.12.1 Denial Of Service
Posted Jan 28, 2021
Authored by Rafael Cintra Lopes

jQuery UI version 1.12.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2020-28488
SHA-256 | a55ca73bbc5f68717781c8e410b1c0e9e38ac04872d990743803f483068e5332
Red Hat Security Advisory 2020-5581-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5581-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability, code execution, python
systems | linux, redhat
advisories | CVE-2019-11358
SHA-256 | 001cf68a484d7e63fdefcde569cf17ff1e2851b5457ea6dcc6630f97c988f531
Red Hat Security Advisory 2020-5412-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5412-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include a code execution vulnerability.

tags | advisory, javascript, code execution, python
systems | linux, redhat
advisories | CVE-2020-11023
SHA-256 | aa6cadf360467aa8675c6c7bb4ffac148174f61c06931d7d7be43e435824e6f8
Red Hat Security Advisory 2020-5249-01
Posted Nov 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5249-01 - Fixed two jQuery vulnerabilities Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP requests by default Updated several dependencies of Ansible Tower's User Interface to address Updated to the latest version of python-psutil to address CVE-2019-18874 Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases Fixed workflows to no longer prevent certain users from being able to edit approval nodes Fixed confusing behavior for social auth logins across distinct browser tabs Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials. Issues addressed include code execution and cross site scripting vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss, python
systems | linux, redhat
advisories | CVE-2019-18874, CVE-2020-11022, CVE-2020-11023, CVE-2020-7676, CVE-2020-7720, CVE-2020-7743
SHA-256 | 110dd18b4efb16ae0c10f48cfdb06ff0615e9ae0e93f088c11b253e73a4fd781
jQuery html() Cross Site Scripting
Posted Apr 25, 2020
Authored by Marcin Kozlowski, Masato Kinugawa

jQuery versions prior to 3.5 suffer from an html() cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 806fd26fbc6fd6a800e9b74e6dd857dc88fdeef9c3b39d821ec111c8bb913aef
Red Hat Security Advisory 2020-1325-01
Posted Apr 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1325-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability, code execution, python
systems | linux, redhat
advisories | CVE-2019-11358
SHA-256 | 2f2f2c53d6e250b07b121b76a0eea7a5ad19925d05d681c49010a07858fc5ae9
OctoberCMS Insecure Dependencies
Posted Mar 15, 2020
Authored by John Martinelli from ISRD.com

OctoberCMS is a CMS similar to WordPress, but with much less "fluff". The SECURELI.com team identified the latest version of OctoberCMS relying on Bootstrap 3.3.7, jQuery 1.11.1, and jQuery 3.3.1. All of these dependencies are vulnerable.

tags | advisory
advisories | CVE-2015-9251, CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, CVE-2019-11358, CVE-2019-8331
SHA-256 | f681fa16535fadc7191cd66f822dffa7d216f8af2a34f5deedc5787f586eef6a
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
Posted Jan 17, 2019
Authored by Larry W. Cashdollar

Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-9206
SHA-256 | e9f157afd7f59180b86e0627f3b9de79d4da7a9d147657e0cbddcbeeed0173eb
Typo3 CMS YAG Themepack jQuery 1.3.2 Database Disclosure
Posted Jan 2, 2019
Authored by KingSkrupellos

Typo3 CMS YAG Themepack jQuery extension version 1.3.2 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | ee80abff91072d0e152132ec4ced00f19d32d91d9fa387af839dfa43c67ad798
blueimp jQuery Arbitrary File Upload
Posted Nov 5, 2018
Authored by Larry W. Cashdollar, wvu, Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess change in Apache 2.3.9. This Metasploit module provides a generic exploit against the jQuery widget.

tags | exploit, arbitrary, php, file upload
advisories | CVE-2018-9206
SHA-256 | d34fb14aa9b4338617c18788b969d61c2e2bb73edfa259074f37f0336142d5c4
jQuery-File-Upload 9.22.0 Arbitrary File Upload
Posted Oct 10, 2018
Authored by Larry W. Cashdollar

jQuery-File-Upload versions 9.22.0 and below suffer from an unauthenticated arbitrary file upload vulnerability that allows for remote command execution.

tags | exploit, remote, arbitrary, file upload
SHA-256 | 9b9e155688817d68e773b78e64aa874b246af6c757592c38ac8faeace00f863c
Western Digital MyCloud multi_uploadify File Upload
Posted Dec 15, 2017
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

tags | exploit, web, arbitrary, shell, root, php, code execution, file upload
advisories | CVE-2017-17560
SHA-256 | 33807dc92c51e0890223cb5aa8b949a564e99406df84abf4910ba71ac13c7512
BuilderEngine Arbitrary File Upload / Execution
Posted May 17, 2017
Authored by Marco Rivoli, metanubix | Site metasploit.com

This Metasploit module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server.

tags | exploit, remote, web, arbitrary, code execution
SHA-256 | 5ba5bb643f31ecc62484733644b0696342aaba16644737ef5bd5784d1a739d0d
Red Hat Security Advisory 2017-0161-01
Posted Jan 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0161-01 - jQuery UI is a set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript library. Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.

tags | advisory, javascript, xss
systems | linux, redhat
advisories | CVE-2016-7103
SHA-256 | 228292d261a09c33ba32f657b1b49a99534245f626a3f55a46b5a60eeabc2dbd
Red Hat Security Advisory 2016-2933
Posted Dec 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2933 - An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-7103
SHA-256 | 67077c8cafbfe6072c6edf13c4e21d1b8f5252a6e715bc8616fae7aac5860cdc
Red Hat Security Advisory 2016-2932-01
Posted Dec 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2932-01 - An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 8.0 (Liberty). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-7103
SHA-256 | 50b384607295f1379adf0df884f3814ccd83909bfcfe9cab8e226e48245f72a7
HP Security Bulletin HPSBHF03440 1
Posted Aug 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03440 1 - A potential security vulnerability in JQuery was addressed by HPE Integrated Lights-Out 3. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2011-4969
SHA-256 | d4e4427059bf0f52d590b8440696253f452456d6b56937c208ef0874ee58a1ff
Red Hat Security Advisory 2015-1462-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1462-01 - Two cross-site scripting flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. Note: The IdM version provided by this update no longer uses jQuery. The ipa-server-install, ipa-replica-install, and ipa-client-install utilities are not supported on machines running in FIPS-140 mode. Previously, IdM did not warn users about this. Now, IdM does not allow running the utilities in FIPS-140 mode, and displays an explanatory message.

tags | advisory, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2010-5312, CVE-2012-6662
SHA-256 | 200010d0ed3ebfec3427d11ca0067d8bf3c37c527acb4ca4e5011b47b546ad34
Debian Security Advisory 3249-2
Posted Jun 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3249-2 - The update for jqueryui in DSA-3249-1 introduced a regression where direct usage of the file jquery.ui.dialog.js can get broken due to a missing function definition.

tags | advisory
systems | linux, debian
SHA-256 | 5a2ac733be56ebd9ace967daa7eb439b0e56d19d9c70089bc3c52dc8b9756407
Debian Security Advisory 3249-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3249-1 - Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its "title" option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

tags | advisory, remote, web, arbitrary, javascript, xss
systems | linux, debian
advisories | CVE-2010-5312
SHA-256 | 73621fcbf22d1908f89e9d5877cc9a438c5e3f23c53d8833898194d5ba25001b
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close