7655 matches found
NXFilter 3.0.3 Cross Site Scripting
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-XSS.txt Vendor: ================================ www.nxfilter.org/p2/ Product: ================================ NXFilter v3.0.3 Vulnerability Type: =========================...
TestLink 1.9.14 Cross Site Scripting
Information ================================= Name: Persistent XSS Vulnerability in TestLink 1.9.14 Affected Software: TestLink Affected Versions: 1.9.14 and possibly below Vendor Homepage: http://testlink.org/ Severity: High Status: Fixed Vulnerability Type: =================================...
CubeCart 6.0.7 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: CubeCart 6.0.7 Fixed in: 6.0.8 Fixed Version Link: https://www.cubecart.com/thank-you/CubeCart-6.0.8.zip Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015...
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-XSS.txt Vendor: ================================ www.nxfilter.org/p2/ Product: ================================...
Magento Bug Bounty #22 - (Profile) Persistent Vulnerability
Document Title: =============== Magento Bug Bounty 22 - Profile Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1636 Magento Security ID: APPSEC-1121 Release Date: ============= 2015-11-06 Vulnerability Laboratory ID VL-ID:...
Magento Bug Bounty #22 - (Profile) Persistent Vulnerability
Document Title: =============== Magento Bug Bounty 22 - Profile Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1636 Magento Security ID: APPSEC-1121 Release Date: ============= 2015-11-06 Vulnerability Laboratory ID VL-ID:...
CVE-2004-0230
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service connection loss to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP...
Imgur: Persistent XSS in https://p.imgur.com/albumview.gif and http://p.imgur.com/imageview.gif / post statistics
In p.imgur.com/albumview.gif, a post paramater could be set containing html and javascript. This was not escaped properly and the code would be executed. The reporter used the following example URLs as a proof of concept https://p.imgur.com/albumview.gif?a=F78FO&r=https://community.imgur.com/aler...
Zope Management Interface CSRF vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application...
WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability
Document Title: =============== WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1595 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID:...
UDID v1.0 iOS - Persistent Mail Encode Vulnerability
Document Title: =============== UDID v1.0 iOS - Persistent Mail Encode Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1590 Release Date: ============= 2015-09-22 Vulnerability Laboratory ID VL-ID: ==================================== 1590...
Imgur: Persistent XSS in image title
When adding a title to uploaded images, one can insert XSS into the title which is then executed for anyone viewing the image. PoC contains a harmless XSS: http://imgur.com/bSZwUBG&rAmpN4O How to recreate: 1. Open the Image Options page for an album. 2. Press "Add Title / Description" 3. Enter so...
Realtyna RPL 8.9.2 CSRF / Cross Site Scripting
Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on...
Realtyna RPL Joomla Extension 8.9.2 - Persistent XSS And CSRF Vulnerabilities
Exploit for php platform in category web applications Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client Relationship Management Add-on for RPL is a Real...
HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Overview Radia Client Automation previously sold under the name HP Client Automation agent prior to version 9.1 is vulnerable to arbitrary remote code execution. Description According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860: "This vulnerability allows remote...
CVE-2015-7863
The default configuration of Persistent Accelerite Radia Client Automation formerly HP Client Automation 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions vi...
CVE-2015-7862
Persistent Accelerite Radia Client Automation formerly HP Client Automation 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors...
CVE-2015-7860
Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation formerly HP Client Automation, possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling...
Stack overflow
Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation formerly HP Client Automation, possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling...
CVE-2015-7863
CVE-2015-7863 affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) versions 7.9–9.1 prior to 2015-02-19. The root cause is the default configuration failing to protect the Remote Notify feature with Extended Notify Security, allowing a remote attacker to bypass ac...