GetSimple CMS 3.3.1 - Cross-Site Scripting

PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro [email protected] from Agile Information Security Disclosure: 12/05/2014 / Last updated: 12/10/2014 Timeline: 04/11/2013 - Found bugs, produced proof of concept. 05/11/2013 - Communicated to the developer,...

vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting

CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ================================================================================================ Overview -------- date : 10/12/2014 cvss : 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P base cwe : 79 vendor : vBulletin...

vBulletin 4.x5.x - AdminCPApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting

vBulletin 4.x5.x - AdminCPApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ================================================================================================ Overview...

vBulletin 5.x / 4.x Persistent Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...

All In One Wordpress Firewall 3.8.3 - Persistent XSS Vulnerability

No description provided by source. Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-I...

Google Android Browser - Bypass& Persistent Vulnerability

Document Title: =============== Google Android Browser - Bypass& Persistent Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1337 View: https://www.youtube.com/watch?v=Erva1rfd3dc Release Date: ============= 2014-10-08 Vulnerability Laboratory ID VL-ID:...

Google Android Browser - Bypass& Persistent Vulnerability

Document Title: =============== Google Android Browser - Bypass& Persistent Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1337 View: https://www.youtube.com/watch?v=Erva1rfd3dc Release Date: ============= 2014-10-08 Vulnerability Laboratory ID VL-ID:...

PayPal Inc BB #96 - Persistent Tags Vulnerability

Document Title: =============== PayPal Inc BB 96 - Persistent Tags Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=954 PayPal Security UID: apf87gW Release Date: ============= 2014-10-08 Vulnerability Laboratory ID VL-ID:...

PayPal Inc BB #96 - Persistent Tags Vulnerability

Document Title: =============== PayPal Inc BB 96 - Persistent Tags Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=954 PayPal Security UID: apf87gW Release Date: ============= 2014-10-08 Vulnerability Laboratory ID VL-ID:...

MGASA-2014-0401 Updated libvirt packages fix security vulnerbilities

Updated libvirt packages fix security vulnerabilities: An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune function looked up the disk index in a non-persistent live disk configuration while a persistent disk configuration was being indexed. A remote attacker able t...

Microsoft Yammer - Bypass & Persistent Vulnerabilities

Document Title: =============== Microsoft Yammer - Bypass & Persistent Vulnerabilities References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1330 View: https://www.youtube.com/watch?v=0w8S3uryeII Advisory: http://www.vulnerability-lab.com/getcontent.php?id=976 Release Date:...

PayPal France Mail Encoding Script Insertion

Document Title: =============== PayPal Inc Bug Bounty Issue 70 France - Persistent Escape Shopping Mail Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=869...

WordPress BulletProof Security 50.8 Script Insertion

Document Title: =============== BulletProof Security Wordpress v50.8 - POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1326 Release Date: ============= 2014-09-30 Vulnerability Laboratory ID VL-ID:...

WordPress All In One WP Firewall Plugin 3.8.3 - Persistent XSS

WordPress All In One WP Firewall plugin is prone to a persistent XSS vulnerability. It results session hijacking, persistent external redirect to malicious sources, persistent phishing attacks and application-side manipulation of affected module context. Solution Update the plugin...

Epicor Enterprise 7.4 - Multiple Vulnerabilities

Epicor suffers from cross site scripting and password disclosure vulnerabilities. "Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th...

WordPress Plugin All In One WP Security Firewall 3.8.3 - Persistent Cross-Site Scripting

WordPress Plugin All In One WP Security Firewall 3.8.3 - Persistent Cross-Site Scripting Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date:...

libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index

An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune function looked up the disk index in a non-persistent live disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could us...

BulletProof Security WP v50.8 - POST Inject Vulnerability

Document Title: =============== BulletProof Security WP v50.8 - POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1326 Release Date: ============= 2014-09-30 Vulnerability Laboratory ID VL-ID: ====================================...

PayPal Bill Later Mail Encoding Cross Site Scripting

Document Title: =============== PayPal Inc Bug Bounty 59 - Persistent Mail Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=844 PayPal Security UID: CabdfGa Release Date: ============= 2014-09-23 Vulnerability Laboratory ID VL-ID:...

PayPal Service Manager Script Insertion

Document Title: =============== PayPal Inc Bug Bounty 71 PPM - Persistent Filter Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=870 PayPal Security UID: Roc83bl Release Date: ============= 2014-09-24 Vulnerability Laboratory ID VL-ID:...