
4727 matches found

CVE
added 2014/10/04 10:0 a.m. | 40 views

CVE-2014-7278

CVE-2014-7278 affects ZyXEL SBG-3300 Security Gateway (firmware 1.00(AADY.4)C0 and earlier). The vulnerability allows remote attackers to trigger a Denial of Service by injecting JavaScript in the loginMsg used by the login page’s welcome message form, causing a persistent web-interface outage. T...

CVSS 5 | AI score 6.8 | EPSS 0.00687
Exploits 5 | References 4 | Affected Software 2
NVD
added 2014/09/26 10:55 a.m. | 8 views

CVE-2014-5318

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

CVSS 5.8 | AI score 6.4 | EPSS 0.00227
Exploits 0 | References 4
exploitpack
added 2014/08/06 12:0 a.m. | 39 views

Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities

Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link:...

AI score 0.6
Exploits 0
Friends Of PHP
added 2014/07/29 11:19 a.m. | 23 views

Fixed potential path traversal attack and remote code injection

This is a security release. All users MUST upgrade to this release to prevent two potential security issues: - path traversal attack - remote code injection These two security issues have been reported by Andreas Forsblom. THANKS! Below is the original report Andreas sent me: Hi William, First,...

AI score 7
Exploits 0 | Affected Software 1
NVD
added 2014/07/23 11:12 a.m. | 16 views

CVE-2014-1561

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization...

CVSS 5.8 | AI score 6.5 | EPSS 0.00752
Exploits 0 | References 8
Prion
added 2014/07/23 11:12 a.m. | 16 views

Design/Logic Flaw

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization...

CVSS 5.8 | AI score 7 | EPSS 0.00752
Exploits 0 | References 8 | Affected Software 2
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Juniper Junos 8.5/9.0 J-Web Interface /diagnose Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web Juniper Web Management. Attacker-supplie...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 24 views

Cisco DPC2420 Multiples Vulnerabilities

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router. Firmware:...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 25 views

Habari Blog Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22732 Reference: http://www.htbridge.ch/advisory/pathdisclosureinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: Path disclosure...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

diafan.cms 4.3 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22777 Reference: http://www.htbridge.ch/advisory/xsrfcsrfindiafancms.html Product: diafan.CMS Vendor: Diafan http://www.diafan.ru/ Vulnerable Version: 4.3 and probably prior versions Vendor Notification: 28 December 2010 Vulnerability Type:...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

php-decoda - Cross-Site Scripting In Video Tag

No description provided by source. Advisory: php-decoda: Cross-Site Scripting in Video Tags RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the PHP markup parser Decoda. This allows attackers that should be restricted to the markup supported by Decoda to specify a...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 29 views

Wolf CMS 0.6.0b Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22681 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinwolfcms.html Product: Wolf CMS Vendor: Wolf CMS team http://www.wolfcms.org/ Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010 Vulnerabilit...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 28 views

e107 1.0.2 - CSRF Resulting in SQL Injection

No description provided by source. Exploit Title: e107 v1.0.2 Administrator CSRF Resulting in SQL Injection Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

CVSS 6.8 | AI score 6.6 | EPSS 0.00195
Exploits 6
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability

No description provided by source. Exploit Title: KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability Date: 2010-08-11 Author: fdisk @fdiskyou e-mail: fdiskyou at deniable.org Software Link: http://www.knowledgetree.com/products/community/download Version: 3.5.2 Notes: Fixed in the...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Online Subtitles Workshop XSS Vulnerability

No description provided by source. Online Subtitles Workshop XSS vulnerabilities. Exploit Title: Online Subtitles Workshop XSS...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Diferior 8.03 Multiple XSS Vulnerabilities

No description provided by source. Vulnerability ID: HTB22721 Reference: http://www.htbridge.ch/advisory/storedxsscrosssitescriptingvulnerabilityindiferior.html Product: Diferior Vendor: Povilas Musteikis http://www.diferior.com/ Vulnerable Version: 8.03 and probably prior versions Vendor...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

Microsoft Internet Explorer 6.0/7.0 RemoveChild Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20812/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to execute certain JavaScript code. Successfully exploiting this issue will cause the...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 24 views

Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24837/info Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers. Exploiting the...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Netscape Navigator 4.0.8 'about:' Domain Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 45 views

Linksys WRT160N - Multiple Vulnerabilities

No description provided by source. Device Name: Linksys WRT160Nv2 Vendor: Linksys/Cisco ============ Device Description: ============ Best For: Delivers plenty of speed and coverage, so large groups of users can go online, transfer large files, print, and stream stored media Features: Fast...

AI score 7.1
Exploits 0