the original cloud security
Showing 1 - 25 of 15,171 RSS Feed

XSS Files

BMC Remedy LFI / RFI / XSS / Code Execution
Posted Oct 19, 2017
Authored by Simon Rawet

BMC Remedy suffers from log hijacking, code execution, cross site scripting, local/remote file inclusion, and various other vulnerabilities.

tags | advisory, remote, local, vulnerability, code execution, xss, file inclusion
MD5 | 6a00391d6567c156d616b913657c8b20
Afian AB FileRun 2017.03.18 CSRF / Shell Upload / XSS / Redirection
Posted Oct 17, 2017
Authored by Roman Ferdigg | Site sec-consult.com

Afian AB FileRun version 2017.03.18 suffers from cross site request forgery, cross site scripting, open redirection, remote shell upload, and various other vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, csrf
MD5 | 3ff1edbfd9d2d8fe8f706e14236d4010
Linksys E Series CSRF / XSS / Denial Of Service / Header Injection
Posted Oct 17, 2017
Authored by T. Weber | Site sec-consult.com

Linksys E series devices suffer from cross site request forgery, cross site scripting, header injection, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
MD5 | 0ce91d638136df599d22cc0f4b0e53b1
Webtrekk Pixel Tracking Cross Site Scripting
Posted Oct 17, 2017
Authored by Malte Batram | Site sec-consult.com

Webtrekk Pixel Track versions 3.24 to 3.40, 4.00 to 4.40, and 5.00 to 5.04 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b3b27563cb47af66f17f10561156cccc
EMC Isilon OneFS Cross Site Scripting
Posted Oct 16, 2017
Site emc.com

EMC Isilon OneFS suffers from a reflected cross site scripting vulnerability. Versions prior to 8.1.0.1, prior to 8.0.1.2, prior to 8.0.0.6, and 7.2.1.x are affected.

tags | advisory, xss
advisories | CVE-2017-8024
MD5 | cd2e806bc83685d03ee148b1019e6beb
Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution
Posted Oct 16, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.

tags | exploit, vulnerability, xss, csrf
MD5 | e8275ecd6d49c4502a0718560697279c
WordPress Influencer Marketing And Press Release System 2.2 XSS
Posted Oct 16, 2017
Authored by Ricardo Sanchez

WordPress Influencer Marketing and Press Release System plugin version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bb9fd8af678bc4aeb2ce39173e2416cb
E-Sic Software livre CMS 1.0 Cross Site Scripting / SQL Injection
Posted Oct 13, 2017
Authored by Elber Tavares, Guilherme Assmann

E-Sic Software livre CMS version 1.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 62179b28a8a59dc82597a0b98daf30c8
phpMyFAQ 2.9.8 Cross Site Scripting
Posted Oct 13, 2017
Authored by Ishaq Mohammed

phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker can embed malicious script code in the title of the faq.

tags | exploit, xss
advisories | CVE-2017-14619
MD5 | 6642a0d4af122419de48faf1002027e6
DreamBox BouquetEditor 2.0.0 Cross Site Scripting
Posted Oct 13, 2017
Authored by Thiago Sena

The BouquetEditor plugin for Dreambox 2.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-15287
MD5 | 2bd16786592db718ddb18ef56395f97c
PHP Melody 2.7.3 Cross Site Scripting / SQL Injection
Posted Oct 12, 2017
Authored by Paulos Yibelo

PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, php, vulnerability, xss, sql injection
MD5 | 8d8544bc3a6ba55df5cbb4bfaefe5794
OctoberCMS 1.0.425 Cross Site Scripting
Posted Oct 12, 2017
Authored by Ishaq Mohammed

OctoberCMS version 1.0.425 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-15284
MD5 | f858f84c1697f98f8c75cd03f41c39b5
WordPress PopCash.Net Publisher Code Integration 1.0 Cross Site Scripting
Posted Oct 12, 2017
Authored by Ricardo Sanchez

WordPress PopCash.Net Publisher Code Integration plugin version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4a863fef46a91466e8e4b234006dbbcd
WordPress Pootle Button 1.1.1 Cross Site Scripting
Posted Oct 12, 2017
Authored by Ricardo Sanchez

WordPress Pootie Button plugin version 1.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e5f908dc831833c1996dc7f34be65f2b
Ubuntu Security Notice USN-3447-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3447-1 - Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.

tags | advisory, remote, web, xss
systems | linux, ubuntu
advisories | CVE-2016-4428
MD5 | d2bbd0b644f3c03fd015e4e9b8dc725b
Ubuntu Security Notice USN-3436-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3436-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824
MD5 | 4323e9a9cecd97cfdc13a57218217b36
WordPress TR Easy Google Analytics 1.0.0 Cross Site Scripting
Posted Oct 10, 2017
Authored by Ricardo Sanchez

WordPress TR Easy Google Analytics plugin version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7fd157269cba46da602667f332d87998
RSA Archer GRC 6.2.0.5 XSS / File Upload / Privilege Escalation
Posted Oct 6, 2017
Authored by Erlend Leiknes, Mohit Rawat | Site emc.com

RSA Archer GRC version 6.2.0.5 suffers from cross site scripting, privilege escalation and remote file upload vulnerabilities.

tags | advisory, remote, vulnerability, xss, file upload
advisories | CVE-2017-14369, CVE-2017-14371, CVE-2017-14372, CVE-2017-8025
MD5 | ff86d3a0cf645804901bcb7686be5d89
EMC Network Configuration Manager 9.x Cross Site Scripting
Posted Oct 6, 2017
Authored by Lukasz Plonka | Site emc.com

EMC Network Configuration Manager (NCM) is affected by a reflected cross site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x are affected.

tags | advisory, xss
advisories | CVE-2017-8017
MD5 | d70b3a9108ef7564849d77bacd8d19a8
Lansweeper 6.0.0.63 Cross Site Scripting
Posted Oct 5, 2017
Authored by BackBox Team, Giovanni Cerrato, Giovanni Guido

Lansweeper version 6.0.0.63 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-9292
MD5 | cc332dfef0e4384c4af89d99a87ae698
Magento Cross Site Requst Forgery / Cross Site Scripting
Posted Oct 5, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
MD5 | b8e9abcbfbba8f6e6349871a393da400
Ubuntu Security Notice USN-3435-2
Posted Oct 4, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3435-2 - USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7805, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824
MD5 | f3497adebd97cb8880f571587424512d
Magento Cross Site Requst Forgery / Cross Site Scripting
Posted Oct 4, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
MD5 | 6fac5f12b988c5d618dd41e90f4d5591
EPESI 1.8.2 Revision 20170830 Cross Site Scripting
Posted Oct 4, 2017
Authored by Zeeshan Shaikh

EPESI version 1.8.2 revision 20170830 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14712, CVE-2017-14713, CVE-2017-14714, CVE-2017-14715, CVE-2017-14716, CVE-2017-14717
MD5 | f9d422039547e917ef1215c6f65ce74c
HP Security Bulletin HPESBMU03753 1
Posted Oct 3, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBMU03753 1 - Several potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Cross-site scripting, local and remote Denial of Service, local and remote execution of arbitrary code, local elevation of privilege and local unqualified configuration change. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability, xss
systems | linux, windows
advisories | CVE-2016-8743, CVE-2017-12544, CVE-2017-12545, CVE-2017-12546, CVE-2017-12547, CVE-2017-12548, CVE-2017-12549, CVE-2017-12550, CVE-2017-12551, CVE-2017-12552, CVE-2017-12553
MD5 | 3610a8a805b73bebd3f6895b697cadac
Page 1 of 607
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close