CVE-2015-1498
The CVE-2015-1498 issue affects Persistent Systems Radia Client Automation. Connected sources confirm an improper access-control vulnerability in specific requests (notably getUsers, addAssigneesToRole, removeAssigneesFromRole) that enables remote attackers to enumerate user accounts and modify us...
FancyBox Plugin for WordPress 'mfbfw' Parameter Persistent XSS
The version of the FancyBox plugin for WordPress installed on the remote host is affected by a persistent cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'mfbfw' POST parameter when the 'action' parameter is set to 'update'. A remote, unauthenticat...
Ebay Inc Magento BB#5 - Persistent Validation Vulnerability
Document Title: =============== Ebay Inc Magento BB5 - Persistent Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1226 eBay Inc. Bug Bounty Program ID: EIBBP-27288 Vulnerability Magazine:...
PerlTreeBBS vulnerable to cross-site scripting
Overview PerlTreeBBS from Homepage Decorator is a tree-structured bulletin board software. PerlTreeBBS contains a persistent cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Crucible does not clear all Tokens when Browser is Closed
Problem Closing a browser ends the user session. When the user re-opens the browser and accesses Crucible, there is no login prompt and Crucible treats it like an authenticated user. Any page load after the initial one results in the user being directed to the login page. Steps to Reproduce Have...
Persistent Systems Client Automation Remote Elevation of Privilege Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Persistent Systems Client Automation. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of certain requests including getUsers,...
(0Day) Persistent Systems Client Automation Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Persistent Systems Client Automation. Authentication is not required to exploit this vulnerability. The flaw exists within the radexecd.exe component which listens by default on TCP port 3465. When...
u5CMS 3.9.3 - Multiple Persistent Cross-Site Scripting / Reflected Cross-Site Scripting Vulnerabilities
u5CMS 3.9.3 Multiple Stored And Reflected XSS Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration,...
BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability
Document Title: =============== BlinkSale Bug Bounty 1 - Encode & Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1416 Release Date: ============= 2015-02-06 Vulnerability Laboratory ID VL-ID: ====================================...
Google Offers Bug Bounty Vulnerability Research Grants
Google last week announced that it has instituted a program for 2015 in which researchers can receive up to 3,133.70 in grant money for bug hunting. Researchers must apply for the grants, which will be an up-front award that will be paid out before a bug is submitted, Google said. “Researchers’...
WordPress Calls to Action <= 2.2.7 - Stored XSS
The AJAX action ‘inboundformsave’ allows unauthenticated users to update the content of any specific form on the site. In order to exploit this, a form ID must be enumerated using another unauthenticated AJAX action, ‘inboundgetformdata’. Once a form ID has been enumerated, the content of the for...
Apple Patches Thunderstrike Bug in OSX, Fixes More Than 30 Flaws in iOS
Apple has released major security updates for both OS X and iOS that include patches for a number of bugs that could lead to arbitrary code execution. The release of iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass the sandbox restrictions in Safari and the OS X update fixes a...
Barracuda Networks Cloud Series - Filter Bypass
Document Title: =============== Barracuda Networks Cloud Series - Filter Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=754 Barracuda Networks Security ID BNSEC: 731 Release Date: ============= 2015-01-19 Vulnerability Laboratory ID...
SPSControl 1.2 Persistent Script Insertion
Document Title: =============== SPSControl v1.2 iOS - .spc Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1404 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ==================================== 1404...
Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability
Document Title: =============== Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1356 Release Date: ============= 2015-01-14 Vulnerability Laboratory ID VL-ID: ==================================== 13...
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability
Document Title: =============== Sitefinity Enterprise v7.2.53 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1369 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID VL-ID: ====================================...
SPSControl v1.2 iOS - (.spc) Persistent Vulnerability
Document Title: =============== SPSControl v1.2 iOS - .spc Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1404 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ==================================== 1404...