[webapps] Webedition CMS v2.9.8.8 – Stored XSS
Webedition CMS v2.9.8.8 – Stored XSS
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Webedition CMS v2.9.8.8 – Stored XSS
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Webedition CMS v2.9.8.8 – Remote Code Execution (RCE)
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Webutler v3.2 – Remote Code Execution (RCE)
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Post Access via IDOR
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Event Access
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 . Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry’s CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a…
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An…
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content…
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the…
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user’s browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could…