12 Free, Ready-to-Use Security Tools

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2018-10141
PUBLISHED: 2018-10-12

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.

CVE-2018-18282
PUBLISHED: 2018-10-12

Next.js 7.0.0 and 7.0.1 have XSS via the 404 or 500 /_error page.

CVE-2018-14664
PUBLISHED: 2018-10-12

A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the clie…

CVE-2018-15755
PUBLISHED: 2018-10-12

Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal API endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.

CVE-2018-16210
PUBLISHED: 2018-10-12

WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
