Attackers Replacing Firmware on Cisco Routers
Cisco routers are built into the fabric of the Internet and enterprise networks, a fact that makes them highly attractive targets for attackers. Researchers at FireEye have come across attacks recently in which hackers have been modifying the firmware of Cisco routers and using that foothold to...
Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt Vendor: ================================ www.igniterealtime.org/projects/openfire...
Shopify Input Validation
Document Title: =============== Shopify Bug Bounty 8 - FilePath Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-04 Vulnerability Laboratory ID VL-ID: ====================================...
Magento Cross Site Scripting
Document Title: =============== Magento Bug Bounty 19 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1570 ID: APPSEC-1059 Release Date: ============= 2015-09-11 Vulnerability Laboratory ID VL-ID:...
Researchers Outline Bugs in Yahoo, PayPal, Magento
Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences. Hadji Samir, Ebrahim Hegazy,...
Magento Bug Bounty #19 - Persistent Filename Vulnerability
Document Title: =============== Magento Bug Bounty 19 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1570 ID: APPSEC-1059 Release Date: ============= 2015-09-11 Vulnerability Laboratory ID VL-ID:...
BlackHat topics: SMB is not only for sharing your files - bug warning - the black bar safety net
In this paper, we show a new attack method to crack the Windows SSO (Single Sign-On) feature, affecting all versions of Windows including the latest Windows 10. Attacks on Microsoft's SMB (Server Message Block) protocol from within the network have been around for a long time; this new type of...
tomcat: non-persistent DoS attack by feeding data by aborting an upload
It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server from being made...
Magento Bug Bounty #19 - Persistent Filename Vulnerability
Document Title: =============== Magento Bug Bounty 19 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1570 ID: APPSEC-1059 Release Date: ============= 2015-09-10 Vulnerability Laboratory ID VL-ID:...
WordPress Contact Form Generator <= 2.0.1 - Multiple CSRF Vulnerabilities
Exploit for php platform in category web applications Live Demos. It is packed with a Template Creator Wizard to create fantastic forms in a matter of seconds without coding. copy of ´contactformgenerator.php´ file =================== TECHNICAL DETAILS =================== A CSRF issue was found i...
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities Live Demos. It is packed with a Template Creator Wizard to create fantastic forms in a matter of seconds without coding. copy of ´contactformgenerator.php´ file =================== TECHNICAL...
GeniXCMS 0.0.3 - XSS Vulnerabilities
Vulnerability title: Persistent XSS Vendor homepage: genixcms.org Software link: genixcms.org Version: 0.0.3 Tested on: Windows 7 Category: Web application Vendor: ============================================= genixcms.org Product: ===================================================== GeniXCMS v0.0.3 is a PHP-based management system Advisory information: =================================================== Multiple persistent & reflected...
Shopify Bug Bounty #8 - (FilePath) Cross Site Vulnerability
Document Title: =============== Shopify Bug Bounty 8 - FilePath Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-04 Vulnerability Laboratory ID VL-ID: ====================================...
Shopify Bug Bounty #8 - (FilePath) Cross Site Vulnerability
Document Title: =============== Shopify Bug Bounty 8 - FilePath Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-03 Vulnerability Laboratory ID VL-ID: ====================================...
Bedita 3.5.1 - XSS Vulnerabilities
No description provided by source. Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications =================== Introduction:...
Serendipity 2.0.1 Cross Site Scripting
Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...
Bedita 3.5.1 - XSS Vulnerabilities
Exploit for php platform in category web applications Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications ===================...
NibbleBlog 4.0.3 Cross Site Request Forgery
NibbleBlog 4.0.3: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://www.nibbleblog.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 07/21/2015...
Bedita 3.5.1 - Cross-Site Scripting
Bedita 3.5.1 - Cross-Site Scripting Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications =================== Introduction:...
Bedita 3.5.1 - Cross-Site Scripting
Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications =================== Introduction: =================== BEdita is an open source...