ZOHO ManageEngine Log360 code issue vulnerability

ZzOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements.A code issue...

ZOHO ManageEngine Log360 Code Injection Vulnerability

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity and comply with regulatory requirements.A code injection...

Detecting the "Next" SolarWinds-Style Cyber Attack

The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, t...

CVE-2020-25833

Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack...

Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting

Exploit Title: Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-12 Vendor Homepage: https://froxlor.org/ Software Link: https://froxlor.org/download/ Version: 0.10.16 Document Title: =============== Froxlor v0.10.16 ...

SugarCRM 6.5.18 - Persistent Cross-Site Scripting

Exploit Title: SugarCRM 6.5.18 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-16 Vendor Homepage: https://www.sugarcrm.com Version: 6.5.18 Document Title: =============== SugarCRM v6.5.18 - Contacts Persistent Cross Site Web Vulnerability References Source:...

KeeWeb 1.14.0 HTML Injection

Document Title: =============== KeeWeb v1.14.0 - Notes Html Inject Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2237 Release Date: ============= 2020-05-06 Vulnerability Laboratory ID VL-ID: ==================================== 2237...

Folder Lock 3.4.5 Cross Site Scripting

Document Title: =============== Folder Lock v3.4.5 iOS - Multiple Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2210 Release Date: ============= 2020-04-20 Vulnerability Laboratory ID VL-ID: ==================================== 221...

TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection

Title: TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.taotesting.com Software Link: https://www.taotesting.com/product/ CVE: N/A Document Title: =============== TAO Open Source Assessment Platform v3.3.0 RC02 -...

TAO AP v3.3.0 RC02 - Multiple Web Vulnerabilities

Document Title: =============== TAO AP v3.3.0 RC02 - Multiple Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2215 Release Date: ============= 2020-04-15 Vulnerability Laboratory ID VL-ID: ==================================== 2215...

Tricky Phish Angles for Persistence, Not Passwords

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user's data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file...

Chamilo LMS 1.11.8 firstname Cross Site Scripting

Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-06 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS:...

Chamilo LMS 1.11.8 Cross Site Scripting

Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-05 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS: Kali Linux...

Billion ADSL Router 400G 20151105641 - Cross-Site Scripting

Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Exploit Title: Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-30 Vendor Homepage: http://www.billion.com Software Link: http://billionfirmware.co.za Tested Version: 20151105641 Tested on...

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Author: Cakes Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on O...

Netis ADSL Router DL4322D RTK 2.1.1 Cross Site Scripting

Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on OS: Kali Linux CVE: N/A...

Vox TG790 ADSL Router Cross Site Scripting

Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user iunput management low privilege users are able to create a persistent Cross-Site scriptin...

Vox TG790 ADSL Router - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user iunput management low privilege users are able to creat...

Adobe Systems - Arbitrary Code Injection Vulnerability

Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine:...

Adobe Systems Main lead DBMS Arbitrary Code Injection

Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine:...