7654 matches found
ZCMS 1.1 - Multiple Vulnerabilities
Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link: sourceforge.net/projects/zencherrycms Version: 1.1 Tested on:...
Nakid CMS - Multiple Vulnerabilities
Exploit Title: CSRF, Persistent XSS & LFI Google Dork: intitle: CSRF, Persistent XSS & LFI Date: 2015-06-11 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: kilrizzy.github.io/Nakid-CMS Software Link: kilrizzy.github.io/Nakid-CMS Version:...
vfront-0.99.2 CSRF & Persistent XSS
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99.2 is a PHP web...
vfront 0.99.2 CSRF & Persistent XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: CSRF & Persistent XSS Google Dork: intitle: CSRF & Persistent XSS Date: 2015-06-02 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.vfront.org Software Link: www.vfront.org Version:...
VFront 0.99.2 - Cross-Site Request Forgery Persistent Cross-Site Scripting
VFront 0.99.2 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: CSRF & Persistent XSS Google Dork: intitle: CSRF & Persistent XSS Date: 2015-06-02 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.vfront.org Software Link:...
VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
Exploit Title: CSRF & Persistent XSS Google Dork: intitle: CSRF & Persistent XSS Date: 2015-06-02 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.vfront.org Software Link: www.vfront.org Version: 0.99.2 Tested on: windows 7 Category: webapps Product:...
Ebay Magento Bug Bounty #6 - Persistent Mail Web Vulnerability
Document Title: =============== Ebay Magento Bug Bounty 6 - Persistent Mail Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1393 EIBBP-31097 Release Date: ============= 2015-06-02 Vulnerability Laboratory ID VL-ID:...
Eisbar SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability
Document Title: =============== Eisbar SCADA All Versions - iOS, Android & W8 - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1456 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID:...
iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability
Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID:...
WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting
WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting Exploit Title: WordPress Free Counter Plugin Stored XSS Date: 2015/05/25 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://www.free-counter.org Software Link:...
WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting
Exploit Title: WordPress Free Counter Plugin Stored XSS Date: 2015/05/25 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://www.free-counter.org Software Link: https://wordpress.org/plugins/free-counter/ Version: 1.1 Tested on: WordPress 4.2.2...
[BSA-107] Security Update for horizon
Thomas Goirand uploaded new packages for horizon which fixed the following security problem: CVE-2015-3988: Sunil Yadav from IBM Security Services reported a persistent XSS in Horizon. An authenticated user may conduct a persistent XSS attack by setting a malicious metadata to a Glance image, a...
MemHT Portal 4.0.2 Persistent XSS Exploit
Stored XSS in statistics page. Made with changged user referer. Usage Info All information in source code. / Stored XSS for MemHT Portal 4.0.2 Manual: - Register on target site - Grab login cookie loginuser=idloginHashpasswordHash - Compile C source and run it xNet library is needed - Enter targe...
WordPress Plugin church_admin 0.800 - Persistent Cross-Site Scripting
WordPress Plugin churchadmin 0.800 - Persistent Cross-Site Scripting Exploit Title: Wordpress churchadmin Stored XSS Date: 21-04-2015 Exploit Author: woodspeed Vendor Homepage: https://wordpress.org/plugins/church-admin/ Version: 0.800 OSVDB ID : http://www.osvdb.org/show/osvdb/121304 WPVULNDB ID...
Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS
The Anti-Malware and Brute-Force Security by ELI has two issues which we will cover in this report. The first is that no nonce CSRF token is utilized on the settings screen. This could potentially result in resource utilization by performing a large number of scans simultaneously, should an...
NextScripts: Social Networks Auto-Poster < 3.4.18 - CSRF to Stored XSS
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to a Persistent XSS attack on the settings screen, due to a lack of sanitation of user input, and lack of Cross-Site Request Forgery token nonce. PoC If a page with the following FORM in is visited by an administrativ...
Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS
The Anti-Malware and Brute-Force Security by ELI has two issues which we will cover in this report. The first is that no nonce CSRF token is utilized on the settings screen. This could potentially result in resource utilization by performing a large number of scans simultaneously, should an...
search.wlbz2.com XSS vulnerability
Open Bug Bounty ID: OBB-63467 Description| Value ---|--- Affected Website:| search.wlbz2.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
Eisbär SCADA (All Versions) - Persistent UI Vulnerability
Document Title: =============== Eisbär SCADA All Versions - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1456 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID: ==================================== 14...
HiDisk 2.4 iOS - (FolderPath) Persistent Vulnerability
Document Title: =============== HiDisk 2.4 iOS - FolderPath Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1496 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID: ==================================== 1496...