Astaro Security Linux 5 'index.fpl' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38893/info Astaro Security Linux is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Thomson SpeedTouch 500 Series LocalNetwork Page name Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16839/info The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have...

Pinnacle Cart Index.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13138/info Pinnacle Cart is affected by a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...

EVA-Web 2.1.2 index.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/18161/info EVA-Web is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

SiteEnable 3.3 Login.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16009/info SiteEnable is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...

Oracle e-Business Suite - Multiple Vulnerabilities

No description provided by source. Oracle E-Business Suite is prone to multiple authentication-bypass and HTML-injection vulnerabilities. Attackers could exploit these issues to steal cookie-based authentication credentials, perform unauthorized actions, or bypass certain security restrictions...

Adobe Flash Player - Shader Buffer Overflow (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Adobe Flash Player Shader Buffer Overflow", 'Description' = %q This module exploits a buffer overflow vulnerability in Adobe Flash...

MS14-012 Internet Explorer TextRange Use-After-Free

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-012 Internet Explorer TextRange Use-After-Free", 'Description' = %q This module exploits a use-after-free vulnerability found in...

Cory Support "q" SQL注入漏洞

Cory Support是一款PHP应用。 由于通过"q" GET参数传递到loadsolve.php的输入在被用于SQL查询前未能正确过滤，攻击者可以利用漏洞通过注入任意SQL代码操纵SQL查询。 0 Cory Support 1.0 目前厂商暂无提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://coryapp.com/page.php?id=1 // GET MySQL Injection with "q" Parameter in /loadsolve.php 1 : ?php 2 :...

Internet Bug Bounty: Flash local-with-fileaccess Sandbox Bypass

The proof of concept attached will exploit the implementation of flash in some browsers that will bypass the local-with-fileaccess sandbox. By encoding in ignored file:// uri characters, and navigating to another page with a decoder script. one is able to read arbitrary files AND parse it to the...

[Xenotix XSS Exploit Framework v4] Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...

AlgoSec Firewall Analyzer 6.4 Cross Site Scripting

================================================================================================================================================================ AlgoSec Firewall Analyzer Version v6.4 cross-site scripting XSS Vulnerability...

Simple File Manager v.024 - Login Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple File Manager v.024 Login Bypass Vulnerability Date Published: 2013/6/17 Exploit Author: Chako Software Link: http://onedotoh.sourceforge.net/ Version: v.024 Doesn't work on v.025 Description: ===================== A...

Cisco Prime Infrastructure Rogue AP SSID Cross-Site Scripting Vulnerability

A vulnerability in the wireless configuration module of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to insert scripts into the listing of rogue access points. The vulnerability is due to a failure to properly sanitize SSIDs before inserting them into the XML windowi...

HTML5 browser exploit can flood your Hard Drive with junk data

Feross Aboukhadijeh, 22-year-old Web developer from Stanford has discovered HTML5 browser exploit can flood your Hard Drive with Cat and Dogs i.e junk data. Many times a website needs to leave a little data i.e 5-10KB on your computer like a cookie, but HTML5 allow sites to store larger amounts o...

Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/56110/info Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied...

TEMENOS T24 R07.03 Authentication Bypass

TEMENOS T24 R07.03 authentication bypass Class: Access Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to properly enfor...

Temenos T24 R07.03 Authentication Bypass

TEMENOS T24 R07.03 authentication bypass Class: Access Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to properly enfor...

Barracuda SSL VPN - launchAgent.do?return-To Cross-Site Scripting

Barracuda SSL VPN - launchAgent.do?return-To Cross-Site Scripting source: https://www.securityfocus.com/bid/54593/info Barracuda SSL VPN 680 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues t...

Barracuda SSL VPN - 'launchAgent.do?return-To' Cross-Site Scripting

source: https://www.securityfocus.com/bid/54593/info Barracuda SSL VPN 680 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...