7657 matches found
Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability
Document Title: =============== Habari CMS v0.9.2 - Backend Comments XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1999 Release Date: ============= 2016-11-09 Vulnerability Laboratory ID VL-ID: ==================================== 19...
Habari CMS v0.9.2 - (Backend Comments) XSS Vulnerability
Document Title: =============== Habari CMS v0.9.2 - Backend Comments XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1999 Release Date: ============= 2016-11-09 Vulnerability Laboratory ID VL-ID: ==================================== 19...
Adobe Connect & Desktop v9.5.6 - Persistent Vulnerability
Document Title: =============== Adobe Connect & Desktop v9.5.6 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1838 Security ID: PSIRT-5180 Bulletin: https://helpx.adobe.com/security/products/connect/apsb16-35.html Vulnerabilit...
Adobe Connect 9.5.7 - Cross-Site Scripting
Document Title: =============== Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1838 Security ID: PSIRT-5180 Bulletin: https://helpx.adobe.com/security/products/connect/apsb16-35.html...
WordPress WassUp Real Time Analytics Plugin <= 1.9 - Persistent XSS
Because of this vulnerability attackers can inject malicious JavaScript code into the application, which will execute within the browser of any user who views the Activity Log, in general WP admin. Solution Update the plugin...
Edusson (Robotdon) BB Script Insertion
Document Title: =============== Edusson Robotdon BB - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1870 Release Date: ============= 2016-11-03 Vulnerability Laboratory ID VL-ID:...
Edusson (Robotdon) BB - Bypass & Persistent Vulnerability
Document Title: =============== Edusson Robotdon BB - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1870 Release Date: ============= 2016-11-03 Vulnerability Laboratory ID VL-ID: ==================================== 18...
Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting
Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the...
Moodle CMS 3.1.2 Cross Site Scripting / File Upload Vulnerabilities
Exploit for php platform in category web applications Title: Multiple Vulnerabilities - Moodle CMS -3.1.2 Application: Moodle CMS Versions Affected: = 3.1.2 Vendor URL: https://moodle.org/ Software URL: https://download.moodle.org/ Discovered by: Joel Vadodil Varghese Tested on: Windows 10 Pro...
Bootstrap - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-058
The Bootstrap theme enables you to integrate the Bootstrap framework with Drupal. The theme does not sufficiently filter potential user-supplied data when it's passed to certain templates can which lead to a Persistent Cross Site Scripting XSS vulnerability. CVE identifiers issued ACVE identifier...
Moodle CMS 3.1.2 Cross Site Scripting / File Upload
Title: Multiple Vulnerabilities - Moodle CMS -3.1.2 Application: Moodle CMS Versions Affected: = 3.1.2 Vendor URL: https://moodle.org/ Software URL: https://download.moodle.org/ Discovered by: Joel Vadodil Varghese Tested on: Windows 10 Pro Bugs: Persistent Cross Site Scripting, Non-Persistent...
Command injection
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 fixed in v0.13.1.knots20161027, the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history...
Cross site scripting
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...
CVE-2016-8581
CVE-2016-8581 is a stored XSS vulnerability in the User-Agent header of the login process of AlienVault OSSIM/USM up to version 5.3.1, allowing an attacker to steal session IDs when an admin views current sessions. Root cause: improper handling of the User-Agent header enabling script injection. ...
CVE-2016-8581
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...
Zenbership 107 - Multiple Vulnerabilities
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: Zenbership latest version - Multiple Vulnerabilities Application: Zenbership Class: Sensitive Information disclosure Versions Affected: alert'ExploitDB' HTTP Request POST...
Windows Manage Persistent EXE Payload Installer
This Module will upload an executable to a remote host and make it Persistent. It can be installed as USER, SYSTEM, or SERVICE. USER will start on user login, SYSTEM will start on system boot but requires privs. SERVICE will create a new service which will start the payload. Again requires privs...
Zenbership 107 Cross Site Request Forgery / Cross Site Scripting
ADVISORY INFORMATION ======================================== Title: Zenbership latest version - Multiple Vulnerabilities Application: Zenbership Class: Sensitive Information disclosure Versions Affected: alert'ExploitDB' HTTP Request POST /zenbership/pp-functions/formprocess.php HTTP/1.1 Host:...
Zenbership 107 - Multiple Vulnerabilities
ADVISORY INFORMATION ======================================== Title: Zenbership latest version - Multiple Vulnerabilities Application: Zenbership Class: Sensitive Information disclosure Versions Affected: alert'ExploitDB' HTTP Request POST /zenbership/pp-functions/formprocess.php HTTP/1.1 Host:...
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: XhP CMS 0.5.1 - Cross-Site Request Forgery to Persistent Cross-Site Scripting Exploit Author: Ahsan Tahir Date: 19-10-2016 Software Link: https://sourceforge.net/projects/xhp/ Vendor:...