7656 matches found
Thomson Router TWG850-4U XSS / CSRF / Unauthenticated Access
System Affected Thomson Router HW Revision 2.0 VENDOR Thomson BOOT Revision 2.1.7i MODEL TWG850-4U Software Version ST9D.01.09 Serial Number 00939902404041 Firmware Name TWG850-4U-9D.01.09-100528-S-001.bin Vulnerabilities 1- Cross-Site Request Forgery 2- Unauthenticated access to resources 3-...
Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage
Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...
Liferay Portal 5.1.2 Cross Site Scripting
Exploit Title: Liferay Portal 5.1.2 - Persistent XSS Discovery Date: 2016-02-10 Exploit Author: Sarim Kiani Vendor Homepage: https://www.liferay.com Software Link: https://www.liferay.com/community/releases Version: 5.1.2 Tested on: Windows OS Liferay Portal 5.1.2 is an open source version of...
WordPress CP Polls 1.0.8 File Upload / Cross Site Scripting
Exploit Title: WordPress CP Polls 1.0.8 - Cross-site file upload & persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI: http://wordpress.dwbooster.com/forms/cp-polls Version: 1.0.8...
WordPress CP Polls 1.0.8 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI: http://wordpress.dwbooster.com/forms/cp-polls Version: 1.0.8...
perfact::mpa Persistent Cross Site Scripting
Advisory ID: SYSS-2015-066 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...
WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities
WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI:...
WordPress CP Polls 1.0.8 Plugin - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI:...
WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities
Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI: http://wordpress.dwbooster.com/forms/cp-polls Version: 1.0.8...
Fing 3.3.0 Persistent Mail Encoding
Document Title: Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1772 Release Date: 2016-02-29 Vulnerability Laboratory ID VL-ID:...
Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability
Document Title: Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1772 Release Date: 2016-02-28 Vulnerability Laboratory ID VL-ID:...
X (Formerly Twitter): Tweet Deck XSS- Persistent- Group DM name
Hello, Group names in tweetdeck.twitter.com aren't filtered properly, giving scope for Cross site vulnerability attacks. Challenge I have faced while escalating the XSS: - group name can only be 9 characters long. How I bypassed it: Set multiple group names with different payloads, which means we c...
WordPress User Submitted Posts 20151113 Cross Site Scripting
Exploit Title: WordPress User Submitted Posts Plugin Persistent XSS Discovery Date: 2016-02-10 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: https://plugin-planet.com/ Software Link: https://wordpress.org/plugins/user-submitted-posts/ Version:...
eFront Learning CMS 3.6.15.6 Cross Site Scripting
Document Title: eFront Learning 3.6.15.6 CMS - Forum Persistent Title Web Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1761 Release Date: 2016-02-23 Vulnerability Laboratory ID VL-ID:...
eFront Learning CMS 3.6.15.6 Cross Site Scripting
Document Title: eFront 3.6.15.6 CMS – Message Attachment Persistent Cross Site Scripting Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1765 Release Date: 2016-02-24 Vulnerability Laboratory ID VL-ID:...
WordPress Calculated Fields Form 1.0.x Session Hijacking
Exploit Title: WordPress Calculated Fields Form =1.0.x - Httponly bypass & admin session hijacking. Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/calculated-fields-form/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI:...
GTA WAF GB-OS v6.2.02 - Bypass & Persistent Vulnerability
Document Title: GTA WAF GB-OS v6.2.02 - Bypass & Persistent Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1713 Release Date: 2016-02-24 Vulnerability Laboratory ID VL-ID:...
Apache Tomcat 6.0.x < 6.0.45 Multiple Vulnerabilities
According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.45. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the getResource, getResourceAsStream, and getResourcePaths...
Ubiquiti Networks airCRM Cross Site Scripting
Document Title: Ubiquiti Networks Bug Bounty 9 - Invoice Persistent Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1728 Release Date: 2016-02-22 Vulnerability Laboratory ID VL-ID:...
eFront 3.6.15.6 CMS – Attachment Cross Site Vulnerability
Document Title: eFront 3.6.15.6 CMS – Attachment Cross Site Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1765 Release Date: 2016-02-23 Vulnerability Laboratory ID VL-ID:...