[SECURITY] Fedora 22 Update: php-guzzle-Guzzle-3.9.3-5.fc22

Guzzle takes the pain out of sending HTTP requests and the redundancy out of creating web service clients. Guzzle is a framework that includes the tools needed to create a robust web service client, including: Service descriptions for defining the inputs and outputs of an API, resource iterators...

Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting

Invision Power Board IP.Board 4.x - Persistent Cross-Site Scripting Exploit Title: IP.Board 4.X Stored XSS Date: 27-08-2015 Software Link: https://www.invisionpower.com/ Exploit Author: snop. Contact: http://twitter.com/rabbitzorg Website: http://rabbitz.org Category: webapps 1. Description A...

Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting

Exploit Title: IP.Board 4.X Stored XSS Date: 27-08-2015 Software Link: https://www.invisionpower.com/ Exploit Author: snop. Contact: http://twitter.com/rabbitzorg Website: http://rabbitz.org Category: webapps 1. Description A registered or non-registered user can create a calendar event including...

Page2Flip 2.5 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-028 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Cross-Site Scripting...

CSRF and XSS vulnerabilities in D-Link DCS-2103

Hello 3APA3A! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. Version 1.20 and previous versions also...

Hawkeye-G v3.0.1 Persistent XSS & Information Leakage

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0725.txt Vendor: ================================ www.hexiscyber.com Product: ================================ Hawkeye-G v3.0.1.4912 Hawkeye G is an active defense...

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1467 Video: http://www.vulnerability-lab.com/getcontent.php?id=1468 Release Date: ============= 2015-08-11 Vulnerability...

UBNT Script Insertion

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1467 Video: http://www.vulnerability-lab.com/getcontent.php?id=1468 Release Date: ============= 2015-08-11 Vulnerability...

WordPress MDC Private Message Plugin 1.0.0 - Persistent XSS

An attacker can execute XSS issues against an administrator, because "message"field does not sanitize input. Solution Upgrade the plugin...

WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting

WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting Exploit Title: WordPress MDC Private Message Persistent XSS Date: 8/20/15 Exploit Author: Chris Kellum Vendor Homepage: http://medhabi.com/ https://wordpress.org/plugins/mdc-private-message/ Version: 1.0.0...

WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting

Exploit Title: WordPress MDC Private Message Persistent XSS Date: 8/20/15 Exploit Author: Chris Kellum Vendor Homepage: http://medhabi.com/ https://wordpress.org/plugins/mdc-private-message/ Version: 1.0.0 ===================== Vulnerability Details ===================== The 'message' field doesn...

WordPress MDC Private Message Plugin 1.0.0 - Persistent XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress MDC Private Message Persistent XSS Date: 8/20/15 Exploit Author: Chris Kellum Vendor Homepage: http://medhabi.com/ https://wordpress.org/plugins/mdc-private-message/ Version: 1.0.0 ===================== Vulnerability...

PHPfileNavigator 2.3.3 - Cross-Site Scripting

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendor: ================================ pfn.sourceforge.net Product: =================================== PHPfileNavigator v2.3.3 pfn Is...

Shopify - Persistent Embed POST Inject Vulnerability

Document Title: =============== Shopify - Persistent Embed POST Inject Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1556 Video View: https://www.youtube.com/watch?v=5qiJ4UjJtQ Release Date: ============= 2015-08-13 Vulnerability Laboratory ID VL-ID:...

PHPfileNavigator 2.3.3 XSS / CSRF Vulnerabilities

PHPfileNavigator version 2.3.3 suffers from persistent and reflective cross site scripting and cross site request forgery vulnerabilities. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendo...

PHPfileNavigator 2.3.3 Cross Site Scripting

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendor: ================================ pfn.sourceforge.net Product: =================================== PHPfileNavigator v2.3.3 pfn Is...

Apple Consultants - Client Side Cross Site Vulnerability

Document Title: =============== Apple Consultants - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1533 Apple ID: 624519287 Release Date: ============= 2015-08-12 Vulnerability Laboratory ID VL-ID:...

Shopify - Persistent Embed POST Inject Vulnerability

Document Title: =============== Shopify - Persistent Embed POST Inject Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1556 Video View: https://www.youtube.com/watch?v=5qiJ4UjJtQ Release Date: ============= 2015-08-12 Vulnerability Laboratory ID VL-ID:...

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1468 View Video: https://www.youtube.com/watch?v=JeEWyV9VMpE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1467 Release...

My Contacts Backup Pro 2.0.1 Command Injection / XSS

Document Title: =============== My Contacts Backup Pro 2.0.1 IOS - Command Inject Vulnerability & Cross Site Scripting Credits & Authors: ================== TaurusOmar - @TaurusOmar [email protected] taurusomar.blogspot.com Release Date: ============= 2015-08-11 Product & Service Introductio...