Hide My WP <= 4.51.1 - Stored Cross-Site Scripting (XSS)

An attacker can make a fake attack attempt, with a JavaScripting payload, which will be logged by the plugin, resulting in XSS. The attacker also can spoof their IP address in the logs by setting the X-FORWARDED-FOR header. curl --referer ' // :; ;' --header 'X-FORWARDED-FOR: 8.8.8.8'...

Epicor Retail Store Help System 3.2.03.01.008 Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Code Injection in Epicor Retail Store Help System CVE: CVE-2015-2210 Vendor: Epicor Product: CRS Retail Store v3.2.03.01.008 Affected version: 3.2.03.01.008 Reported by: Zeng Xianbo Joseph [email protected] Issue identified by: Zeng...

Stored XSS Vulnerability found on Atlassian

Hi ! My name is Andi Rrahmani and i am an Independent Security Researcher. I am writing this email to let you know of a Stored XSS Vulnerability that i found on atlassian.com . You will have the POC as an atachment to this report that i am making. Now i will show you in details how i managed to...

Stored XSS Vulnerability found on Atlassian

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47027. panel Hi ! I am writing this email to let you know of a Stored XSS Vulnerability that i found on atlassian.com . You will...

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

No description provided by source. !/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

businesswiki 2.5rc3 - Stored XSS & arbitrary file upload

No description provided by source. !/usr/bin/python ''' Exploit Title: Stored XSS & Arbitrary File Upload Vulnerabilities in BusinessWiki. Date: 23/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://onbusinesswiki.com/ Software Link:...

Wordpress Zingiri Web Shop Plugin <= 2.4.2 Persistent XSS

No description provided by source. Wordpress Zingiri Web Shop Plugin = 2.4.2 Stored XSS Exploit Title: Wordpress Zingiri Web Shop Plugin = 2.4.0 Stored XSS Google Dork: Date: 30 Apr 2012 Author: Mehmet Ince Twitter: https://twitter.com/!/mmetince Company: Bilgi Guvenligi Akademisi www.bga.com.tr...

XWiki 4.2-milestone-2 Multiple Stored XSS Vulnerabilities

No description provided by source. Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz:...

ASUS router drive-by code execution via XSS and authentication bypass

ASUS router drive-by code execution via XSS and authentication bypass ===================================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/asus-router-auth-bypass.txt Overview -------- Various ASUS routers contai...

ASUS Router Authentication Bypass / Cross Site Scripting

ASUS router drive-by code execution via XSS and authentication bypass ===================================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/asus-router-auth-bypass.txt Overview -------- Various ASUS routers contai...

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by "The Hole Seekers" and selling 150,000 emails and hashed passwords stolen from...

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by “The Hole Seekers” and selling 150,000 emails and hashed passwords stolen from...

Xorbin Digital Flash Clock 1.0 For WordPress XSS

==================================================================== Xorbin Digital Flash Clock 1.0 Plugin for Wordpress Flash-based XSS ==================================================================== Description: This plugin displays digital flash clock on your website. It's easy to use and...

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

Exploit for php platform in category web applications Because this is my first Vulnerability I ever found by my self, I wrote a PoC script I know that this is overkill and the Vulnerability is trivial to exploit :P The JavaScript Payload is executed when the Admin views Count per Day - Statistics...

WordPress Count Per Day 3.2.5 XSS

!/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:"/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage: http://wordpress.org/extend/plugins/count-per-day/ Software Link:...

WordPress Plugin Count Per Day 3.2.5 - &#039;counter.php&#039; Cross-Site Scripting

!/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:"/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage: http://wordpress.org/extend/plugins/count-per-day/ Software Link:...

Operation High Roller Now Targets Europe's SEPA Network and Large US Bank

The criminals behind Operation High Roller, a complex wire-fraud scheme that has scammed high-end banking customers out of millions, have added a new dimension of automation to their attacks and expanded their efforts beyond Europe and have targeted a major U.S. bank. Researchers at McAfee provid...

Wiki Web Help 0.3.9 Cross Site Scripting

Exploit Title: Multiple Stored XSS Vulnerabilities in Wiki Web Help. Date: 23/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://wikiwebhelp.org Software Link: http://sourceforge.net/projects/wwh/files/wwh-0.3.9.7z/download Version: 0.3.9 Gr33Tz: @aviadgolan , @benhayak,...

op5 Monitoring 5.4.2 XSS / CSRF / SQL Injection

Author: loneferret of Offensive Security Product: op5 Monitoring VM appliance Version: 5.4.2 Vendor Site: http://www.op5.com/ Software Download: http://www.op5.com/get-op5-monitor/get-started/ Software Description: op5 is a market leading developer of Open Source Management solutions. op5 develop...

Useresponse 1.0.2 Backdoor / CSRF / Code Execution

!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles @bclose and mrme @netninja exploit by...