Eisbär SCADA (All Versions) - Persistent UI Vulnerability

Document Title: =============== Eisbär SCADA All Versions - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1456 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID: ==================================== 14...

HiDisk 2.4 iOS - (FolderPath) Persistent Vulnerability

Document Title: =============== HiDisk 2.4 iOS - FolderPath Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1496 Release Date: ============= 2015-05-18 Vulnerability Laboratory ID VL-ID: ==================================== 1496...

iClassSchedule 1.6 Script Insertion

Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID:...

Hikvision DS-2CD2012-I XML Injection / Abuse Issues

Hello list! There are vulnerabilities in Hikvision DS-2CD2012-I. These are XML Injection, Abuse of Functionality and Brute Force vulnerabilities. All these vulnerabilities are present in other IP cameras and DVR of Hikvision. ------------------------- Affected vendors: -------------------------...

WordPress Booking Calendar Contact Form Plugin 1.0.2 - Multiple vulnerabilities

Booking Calendar Contact Form plugin is prone to multiple vulnerabilities: 1. Authenticated SQL injection in "get" parameter allows an attacker to escalate editor privileges. 2. Filter bypass & Authenticated SQL injection in "id" parameter via...

iClassSchedule 1.6 iOS & Android - Persistent Vulnerability

Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID: ===================================...

iClassSchedule 1.6 iOS & Android - Persistent Vulnerability

Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-12 Vulnerability Laboratory ID VL-ID: ===================================...

D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting

D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting !/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod Developed by Mauricio Corrêa XLabs Information Security WebSite:...

DokuWiki persistent Cross Site Scripting

Advisory ID: SGMA15-001 Title: DokuWiki persistent Cross Site Scripting Product: DokuWiki Version: 2014-09-29c and probably prior Vendor: www.dokuwiki.org Vulnerability type: Persistent XSS Risk level: Medium Credit: Filippo Cavallarin - segment.technology CVE: N/A Vendor notification: 2015-03-18...

D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting

!/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod URL Filter Developed by Mauricio Corrêa XLabs Information Security WebSite: www.xlabs.com.br CAUTION! This exploit disables some features of the modem, forcing the...

D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting

!/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod Developed by Mauricio Corrêa XLabs Information Security WebSite: www.xlabs.com.br CAUTION! This exploit disables some features of the modem, forcing the administrator...

SynTail 1.5 Build 566 CSRF / Cross Site Scripting

Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SynTailDownload.htm Version: 1.5 Build 566...

Oracle Business Intelligence Mobile HD 11.x Script Insertion

Document Title: =============== Oracle Business Intelligence Mobile HD v11.x iOS - Persistent UI Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1361 Oracle Security ID: S0540289 Tracking ID: S0540289 Reporter ID: 1 2015Q1 Release Date:...

Yahoo eMarketing Cross Site Scripting

Document Title: =============== Yahoo eMarketing Bug Bounty 31 - Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1491 Yahoo Security ID H1: 55395 Release Date: ============= 2015-05-07 Vulnerability Laboratory ID VL-ID:...

Yahoo eMarketing Bug Bounty #31 - Cross Site Vulnerability

Document Title: =============== Yahoo eMarketing Bug Bounty 31 - Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1491 Yahoo Security ID H1: 55395 Release Date: ============= 2015-05-07 Vulnerability Laboratory ID VL-ID:...

WordPress Ultimate Product Catalogue 3.1.2 XSS / CSRF / File Upload Vulnerabilities

WordPress Ultimate Product Catalogue plugin version 3.1.2 suffers from cross site request forgery, cross site scripting, and file upload vulnerabilities. Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 Google Dork: inurl:"SingleProduct" intext:"Back...

PHP Fusion 7.02.07 XSS / Clickjacking

Hi Team, Affected Vendor: https://www.php-fusion.co.uk/home.php Date: 04/05/2015 Creditee: http://osvdb.org/creditees/13518-vadodil-joel-varghese Type of vulnerability: Persistent XSS + Clickjacking Tested on: Windows 8.1 Product: PHP Fusion Version: 7.02.07 1 Cross Site Scripting...

WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities

Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/" Date: 22/04/2015 Exploit Author: Felipe Molina de...

SevDesk 1.1 Persistent Script Insertion

Document Title: =============== SevDesk v1.1 iOS - Persistent Dashboard Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1311 Release Date: ============= 2015-04-23 Vulnerability Laboratory ID VL-ID: ==================================== 1311...

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...