
3641 matches found

securityvulns
added 2014/04/01 12:00 a.m. | 305 views

CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box

CVE-2014-1599: 39 Type-1 XSS in SFR ADSL/Fiber Box. SFR is the French Vodafone (estimated DSL user base of 5.2 million). Affected product: SFR BOX NB6-MAIN-R3.3.4. Vulnerabilities: /network/dns: 5 non-filtered Type-1 XSS; /network/dhcp: 6 non-filtered Type-1 XSS; /network/nat: 7 non-filtered Type-1 XSS...

CVSS 4.3 | AI score 0.6 | EPSS 0.00931
Exploits: 1

Exploit DB
added 2014/03/31 12:00 a.m. | 48 views

plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak

Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple command execute backdoor commands.txt list of useful commands for owning remote...

AI score 7.4
Exploits: 0

OpenVAS
added 2014/03/10 12:00 a.m. | 66 views

Multiple AVM FRITZ!Box Multiple Vulnerabilities - Active Check

AVM FRITZ!Box is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:avm:fritz%21os"; ifdescription...

CVSS 10 | AI score 7.4 | EPSS 0.71642
Exploits: 2 | References: 5

NVD
added 2014/03/09 1:16 p.m. | 21 views

CVE-2014-1599

Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config...

CVSS 4.3 | AI score 5.8 | EPSS 0.00931
Exploits: 1 | References: 2

Prion
added 2014/03/09 1:16 p.m. | 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config...

CVSS 4.3 | AI score 6.1 | EPSS 0.00931
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2014/03/07 8:00 p.m. | 24 views

CVE-2014-1599

Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config...

AI score 5.8 | EPSS 0.00931
Exploits: 1 | References: 2

CVE
added 2014/03/07 8:00 p.m. | 54 views

CVE-2014-1599

CVE-2014-1599 relates to multiple XSS vulnerabilities in the SFR Box NB6 router, firmware NB6-MAIN-R3.3.4. Public sources describe non-filtered inputs in several UI endpoints: /network/dns, /network/dhcp, /network/nat, /network/route, /network/lan, and /wifi/config, which can reflect arbitrary sc...

CVSS 4.3 | AI score 5.9 | EPSS 0.00931
Exploits: 1 | References: 2 | Affected Software: 2

Kitploit
added 2014/03/03 9:52 p.m. | 108 views

[bWAPP] an extremely buggy web application!

bWAPP, or a buggy web application, is a deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so uniqu...

AI score 7.5
Exploits: 0

Check Point Advisories
added 2014/03/03 12:00 a.m. | 14 views

CS Chat-r-box csChatRBox.cgi setup Parameter Code Execution - Ver2 (CVE-2002-1752)

A code execution vulnerability has been reported in Cgiscript.net Cschat-r-box. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 7.6 | EPSS 0.03236
Exploits: 0

OpenVAS
added 2014/02/19 12:00 a.m. | 14 views

AVM FRITZ!Box / FRITZ!OS Detection Consolidation

Consolidation of AVM FRITZ!Box and FRITZ!OS detections. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7
Exploits: 0

OpenVAS
added 2014/02/19 12:00 a.m. | 331 views

Multiple AVM FRITZ!Box Multiple Vulnerabilities - Version Check

AVM FRITZ!Box is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:avm:fritz%21os"; ifdescription...

CVSS 10 | AI score 7.4 | EPSS 0.71642
Exploits: 2 | References: 5

exploitpack
added 2014/02/18 12:00 a.m. | 16 views

My PDF Creator DE DM 1.4 iOS - Multiple Vulnerabilities

My PDF Creator DE DM 1.4 iOS - Multiple Vulnerabilities Document Title: =============== My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1201 Release Date: ============= 2014-02-16 Vulnerability...

AI score 0.2
Exploits: 0

Packet Storm
added 2014/02/15 12:00 a.m. | 23 views

WordPress Better WP Security 3.6.3 XSS / Disclosure

Exploit Title: Wordpress Plugin - Better WP Security multiple vulnerability Date: 2014 11 February Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: https://wordpress.org/plugins/better-wp-security/ Tested on: Lin...

Exploits: 0

ThreatPost
added 2014/02/03 11:13 a.m. | 14 views

Chrome Pop-Up Warns Windows Users of Browser Hijacking

A rising number of online scams involve the modification of browser settings where a hacker spikes a free download or website with malware. The end result is generally a click-fraud scheme of some kind where the new browser settings might include spiked search engine pages or a new home page...

Exploits: 0 | References: 4

myhack58
added 2014/02/03 12:00 a.m. | 31 views

Wah all the system stored xss vulnerability can be comfortably back impact thousands of hosting service providers-vulnerabilities and early warning-the black bar safety net

Brief description: Hua Zhong system discovered XSS vulnerability, affecting thousands of hosting service providers Detailed description: Hua Zhong, the WinIIS, star outside AMA XSS vulnerability is proof many times, the estimates are now fixed. But Hua all the following vulnerabilities, the estimate ...

AI score 7.1
Exploits: 0

Exploit DB
added 2014/01/27 12:00 a.m. | 27 views

Ability Mail Server 2013 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Password Reset)

On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and set Password. In this case I created a user named, victim, with a password of victim 5. Finish...

AI score 7.4
Exploits: 0

Google Chrome Security Advisories
added 2014/01/27 12:00 a.m. | 37 views

Stable Channel Update

Chrome has been updated to 32.0.1700.102 for Windows, Mac, Linux and Chrome Frame. This update has fixes for the following issues: Mouse Pointer disappears after exiting full-screen mode. 317496 Drag and drop files into Chrome may not work properly. 332579 Quicktime Plugin crashes in Chrome. 3084...

CVSS 7.5 | AI score 9.5 | EPSS 0.02032
Exploits: 4 | Affected Software: 1

The Hacker News
added 2014/01/16 8:55 p.m. | 33 views

Starbucks' iOS app storing user credentials in plain text

Watch out, coffee drinkers. If you are one of those 10 million Starbucks customers, who purchases drinks and food directly from their Smartphones, this news is for you! If you use Starbucks’ official iOS app, you should know that the company is not encrypting any of your information, including yo...

CVSS 2.1 | AI score 6 | EPSS 0.0038
Exploits: 1

seebug.org
added 2014/01/05 12:00 a.m. | 16 views

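SQL injection in the search box of an Ecmall site-building template

Brief description: SQL injection. Detailed description: http://www.tuutao.com/index.php Tuutao (土淘网) uses an Ecmall site-building template; anything built on this template is probably affected as well. There is an injection in the search box; the injection point is: http://www.tuutao.com/index.php?app=store&act=search&id=45&keyword=aaa&minprice=100&maxprice=10000 First the parameters passed via GET are read, then they are combined into the condition of an SQL query: 1. This code in search.app.php builds the SQL for the min and max price query, with no filtering: / Get the query condition statement...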

AI score 7
Exploits: 0

0day.today
added 2013/12/31 12:00 a.m. | 47 views

Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability

start "backgroundexec" cbcs.exe listen -cp:faggot -bp:hacker | echo "" shell.php Usage Info Edit the code and run ! import urllib import urllib2 Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability Work only on windows box def requesturl, params=None, method='GET': if method ==...

AI score 7.2
Exploits: 0