7654 matches found
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability
Document Title: =============== RelateIQ Bug Bounty 1 - Persistent Signup Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1320 Video: http://www.vulnerability-lab.com/getcontent.php?id=1332 Release Date: ============= 2014-12-02 Vulnerabili...
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability
Document Title: =============== RelateIQ Bug Bounty 1 - Persistent Signup Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1332 View: https://www.youtube.com/watch?v=ZxGbG6U45NE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1320 Release Date:...
WordPress 3 persistent script injection
OVERVIEW ======== A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don't require authentication by default. The JavaScript injected into a comment is executed when the targe...
BookFresh - Persistent Clients Invite Vulnerability
Document Title: =============== BookFresh - Persistent Clients Invite Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1351 Release Date: ============= 2014-10-28 Vulnerability Laboratory ID VL-ID: ==================================== 1351...
CSRF and XSS vulnerabilities in D-Link DAP-1360
Hello 3APA3A! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model with other...
OracleVM 2.1 : udev (OVMSA-2009-0006)
The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-1185 udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. - fix fo...
WordPress < 3.7.5 / 3.8.5 / 3.9.3 / 4.0.1 Multiple Vulnerabilities
According to its version number, the WordPress application installed on the remote web server is affected by multiple vulnerabilities : - Multiple unspecified errors exist that could allow cross-site scripting attacks. - An unspecified error exists that could allow cross-site request forgery...
Crea8Social 1.3 - Persistent Cross-Site Scripting
Exploit Title: crea8social 1.3 Stored XSS Vulnerability Date: 24-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.3 Vendor Homepage: http://codecanyon.net/item/crea8social-php-social-networking-platform-v13/9211270 Tested on: Chrome & Iceweasel Vulnerability Description: ===Stored XSS=== Crea...
Supr Shopsystem 5.1.0 - Persistent UI Vulnerability
Exploit for php platform in category web applications Product & Service Introduction: =============================== SUPR is a modern and user-friendly system which allows each store very quickly and easily create their own online store. Without installation and own webspace you can begin to...
Supr Shopsystem 5.1.0 Cross Site Scripting
Document Title: =============== Supr Shopsystem v5.1.0 - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1353 Release Date: ============= 2014-11-07 Vulnerability Laboratory ID VL-ID: ==================================== 1353...
libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index
An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune function looked up the disk index in a non-persistent live disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could us...
Ebay Magento Bug Bounty #1 - Persistent API Vulnerability
Document Title: =============== Ebay Magento Bug Bounty 1 - Persistent API Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1202 eBay Inc. Bug Bounty Program ID: EIBBP-26643 Release Date: ============= 2014-11-17 Vulnerability Laboratory ID...
FlatNuke 3.1.x Cross Site Scripting
------------------------------------------------------------------------- + FlatNuke alertdocument.cookie&body=This is my comment ------------------------------------------------------------------------------------------------...
PHPFox - Persistent Cross-Site Scripting
PHPFox - Persistent Cross-Site Scripting Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system store...
PHPFox - Persistent Cross-Site Scripting
Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system stores all urls accessed in a database table,...
MyBB Forums 1.8.2 - Persistent Cross-Site Scripting
Exploit Title:Stored XSS vulnerability in MyBB 1.8.2 Date: 16th November'2014 Exploit Author: Avinash Kumar Thapa Vendor Homepage: http://www.mybb.com/ Software Link: http://www.mybb.com/download/ Version: MyBB 1.8.2 latest Tested on: Operating System: Windows 8.1 Browser Used : Mozilla Firefox...
Ebay Magento Bug Bounty #1 - Persistent API Vulnerability
Document Title: =============== Ebay Magento Bug Bounty 1 - Persistent API Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1202 eBay Inc. Bug Bounty Program ID: EIBBP-26643 Release Date: ============= 2014-11-17 Vulnerability Laboratory ID...
FlatNuke 3.1.4 (FlatPoll) Persistent XSS Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------- + FlatNuke alertdocument.cookie&body=This is my comment ------------------------------------------------------------------------------------------------ 0day.today...
Folder Plus 2.5.1 iOS - Persistent XSS Vulnerability
No description provided by source. Document Title: =============== Folder Plus v2.5.1 iOS - Persistent Item Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1348 Release Date: ============= 2014-10-24 Vulnerability Laboratory ID VL-ID:...
Dell SonicWall GMS 7.2.x - Code Injection
No description provided by source. Document Title: =============== Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1222 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...