7736 matches found
ZeusCart 4.0 - Cross-Site Request Forgery
ZeusCart 4.0: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendo...
blog.bluestone.com XSS vulnerability
Vulnerable URL: http://blog.bluestone.com/wp-admin/admin-ajax.php?action=revsliderajaxactionaction= Rahul Details: Description| Value ---|--- Patched:| Yes, at 30.01.2016 Latest check for patch:| 30.01.2016 22:44 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
ZeusCart 4.0 Cross Site Request Forgery
ZeusCart 4.0: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public:...
ZeusCart 4.0 Cross Site Scripting
ZeusCart 4.0: XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 09/14/201...
ZeusCart 4.0 Code Execution
ZeusCart 4.0: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclose...
Shopify: www.shopify.com XSS on blog pages via sharing buttons
social sharing buttons facebook and linkedin vulnerable to xss at www.shopify.com/guides/ www.shopify.com/videos/ and www.shopify.com/success-stories/ steps to reproduce: - go to page https://www.shopify.com/videos/pop-up-shop?x=';alert1// - share this page by clicking facebook or linkedin sharin...
Serendipity 2.0.1 Cross Site Scripting
Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...
KLA10655 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities 1. Lack of content...
Serendipity 2.0.1 Blind SQL Injection
Serendipity 2.0.1: Blind SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected]...
D-Link Cookie Command Execution
This module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This module has been successfully tested ...
Pornhub: [reflected xss, pornhub.com] /blog, any
The researcher identified that the following URL for the Pornhub blog was vulnerable to reflected/semi-stored cross site scripting, which enabled the researcher to craft a URL that pops multiple alert boxes as the page is loading. The affected url can be seen below:...
ModX Revolution 2.3.5-pl Cross Site Scripting Vulnerability
ModX Revolution version 2.3.5-pl suffers from a reflective cross site scripting vulnerability. ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability Security Advisory – Curesec Research Team 1. Introduction Affected Product: ModX Revolution 2.3.5-pl Fixed in: not fixed Fixed...
ModX Revolution 2.3.5-pl Cross Site Scripting
ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability Security Advisory – Curesec Research Team 1. Introduction Affected Product: ModX Revolution 2.3.5-pl Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: Reflected XSS Remote...
spletnik.ru XSS vulnerability
Vulnerable URL: http://www.spletnik.ru/blogs/govoryatchto/113769mozhet-pora-chto-to-sdelat?x"...
spletnik.ru XSS vulnerability
Vulnerable URL: http://www.spletnik.ru/blogs/prozvezd/113718poklonskaya-u-sobchak-ne-khvataet-intellektualnykh-dannykh?x"...
spletnik.ru XSS vulnerability
Vulnerable URL: http://www.spletnik.ru/blogs/moda/83086vse-pobeditelnitcy-shou-american-top-model?x"...
DIY-CMS blog mod SQL Injection (CVE-2011-5140)
An SQL injection vulnerability has been reported in DIY-CMS blog mod. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability
Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and uploads them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...
callbackhunter.com XSS vulnerability
Vulnerable URL: http://callbackhunter.com/blog/?lang=ru"...
ok.ru: cross site scripting in the blog
@cyberboy reported the following issue: Well your domain http://blog.ok.ru/ gets redirected to http://insideok.ru which seems to be your domain as well. I confirmed that by making a whois check up. The search parameter has a reflected cross site scripting vulnerability in it. The direct URL of th...