ILIAS 4.4.1 - Multiple Vulnerabilities

ILIAS 4.4.1 - Multiple Vulnerabilities ============================================================== Title ...| Multiple vulnerabilities in ILIAS Version .| ilias-4.4.1.zip Date ....| 21.02.2014 Found ...| HauntIT Blog Home ....| www.ilias.de...

ILIAS 4.4.1 Cross Site Scripting / Shell Upload Vulnerabilities

ILIAS version 4.4.1 suffers from cross site scripting and remote shell upload vulnerabilities. ============================================================== Title ...| Multiple vulnerabilities in ILIAS Version .| ilias-4.4.1.zip Date ....| 21.02.2014 Found ...| HauntIT Blog Home ....| www.ilias....

CMSMadeSimple 1.11.10 Cross Site Scripting

============================================================== Title ...| CMSMadeSimple Multiple vulnerabilities Version .| cmsmadesimple-1.11.10-full.tar.gz Date ....| 20.02.2014 Found ...| HauntIT Blog Home ....| http://www.cmsmadesimple.org...

CNNVD Cross Site Scripting

Document Title: =============== CNNVD Gov CN 1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1209 Release Date: ============= 2014-02-21 Vulnerability Laboratory ID VL-ID: ====================================...

ATutor 2.1.1 Cross Site Scripting

============================================================== Title ...| ATutor Multiple vulnerabilities Version .| ATutor-2.1.1 Date ....| 19.02.2014 Found ...| HauntIT Blog Home ....| https://atutor.ca ==============================================================...

ILIAS 4.4.1 - Multiple Vulnerabilities

============================================================== Title ...| Multiple vulnerabilities in ILIAS Version .| ilias-4.4.1.zip Date ....| 21.02.2014 Found ...| HauntIT Blog Home ....| www.ilias.de ============================================================== First from admin user logged...

ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/65744/info ATutor is prone to multiple cross-site scripting vulnerabilities and a HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the...

CNNVD Gov CN #1 - Filter Bypass & Persistent Vulnerability

Document Title: =============== CNNVD Gov CN 1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1209 Release Date: ============= 2014-02-21 Vulnerability Laboratory ID VL-ID: ====================================...

CNNVD Gov CN #1 - Filter Bypass & Persistent Vulnerability

Document Title: =============== CNNVD Gov CN 1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1209 Release Date: ============= 2014-02-21 Vulnerability Laboratory ID VL-ID: ====================================...

Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities

Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities Document Title: =============== Barracuda Bug Bounty 30 Firewall - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC:...

Barracuda Message Archiver 650 Cross Site Scripting

Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...

Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities

Document Title: =============== Barracuda Bug Bounty 30 Firewall - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC: BNSEC-2067 Video:...

Barracuda Message Archiver 650 - Persistent Cross-Site Scripting

Barracuda Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Relea...

Google Chrome CSRF Vulnerability - Linux

Google Chrome is prone to a cross-site request forgery CSRF attack. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome...

CVE-2013-6167

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

CVE-2013-6166

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

Cross site request forgery (csrf)

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

Android Browser and WebView addJavascriptInterface Code Execution

This Metasploit module exploits a privilege escalation issue in Android versions prior 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs...

Project description is persistent XSS vector for project admins

This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...

Project description is persistent XSS vector for project admins

This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...