
7649 matches found

Atlassian
added 2014/02/07 6:4 a.m., 19 views

Project description is persistent XSS vector for project admins

This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...

3.4 AI score
Exploits: 0, Affected Software: 1
exploitpack
added 2014/02/07 12:0 a.m., 36 views

CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting

CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting Exploit Title: CTERA Project Folders - Stored XSS Date: 11-Mar-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.ctera.com Version: 3.2.29.0 and 3.2.42.0 Tested on: ctera os CVE : CVE-2013-2639 OVERVIEW Standard Ctera User...

4.3 CVSS, 6.2 AI score, 0.01465 EPSS
Exploits: 5
securityvulns
added 2014/02/01 12:0 a.m., 118 views

Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability

Document Title: =============== Mozilla Bug Bounty 5 - WireTap Remote Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking ID: 875818 Video: http://www.vulnerability-lab.com/getcontent.php?id=1182 Partner News...

0.3 AI score
Exploits: 0
Vulnerability Lab
added 2014/01/29 12:0 a.m., 2144 views

Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability

Document Title: =============== Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=967 Mozilla Bug Tracking ID: 881686 http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking I...

5.8 CVSS, 7.7 AI score, 0.87264 EPSS
Exploits: 18
Vulnerability Lab
added 2014/01/29 12:0 a.m., 222 views

Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability

Document Title: =============== Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=967 Mozilla Bug Tracking ID: 881686 http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking I...

4.3 CVSS, 0.3 AI score, 0.07697 EPSS
Exploits: 5
0day.today
added 2014/01/28 12:0 a.m., 42 views

Atmail Webmail => 7.2 - Multiple XSS & FPD Vulnerabilities

Atmail is a platform which main purposes is to... send and receive emails - anyway, latest versions suffers on multiple Cross Site Scripting vulnerabilities because of poor content and variables filtration. Cheers. Title: Atmail Webmail =7.2 - Multiple XSS & FPD Date: 01.27.2014 Vendor: atmail.co...

6.8 AI score
Exploits: 0
exploitpack
added 2014/01/27 12:0 a.m., 21 views

Ability Mail Server 2013 - Persistent Cross-Site Scripting Cross-Site Request Forgery (Password Reset)

Ability Mail Server 2013 - Persistent Cross-Site Scripting Cross-Site Request Forgery Password Reset On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and...

0.1 AI score
Exploits: 0
exploitpack
added 2014/01/24 12:0 a.m., 79 views

Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting

Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor...

4.3 CVSS, 6.1 AI score, 0.01824 EPSS
Exploits: 5
seebug.org
added 2014/01/20 12:0 a.m., 37 views

PHPJabbers Car Rental Script Multiple Vulnerabilities

No description provided by source. Car Rental Script - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/car-rental/ ===...

7.1 AI score
Exploits: 0
exploitpack
added 2014/01/20 12:0 a.m., 17 views

Teracom Modem T2-B-Gawv1.4U10Y-BI - Persistent Cross-Site Scripting

Teracom Modem T2-B-Gawv1.4U10Y-BI - Persistent Cross-Site Scripting Exploit Title: Teracom Modem Stored XSS Vulnerability Date: 19-01-2014 Author: Rakesh S Software Link: http://www.teracom.in/ Version: T2-B-Gawv1.4U10Y-BI Tested on: Windows 7 Code : GET...

6.8 AI score
Exploits: 0
exploitpack
added 2014/01/17 12:0 a.m., 21 views

SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting

SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting Click Me, Please...\r\n NOTE: javascript html char encode = then you will be able to get into the victim's mailbox via the url: http://WebSite/Smarter/Default.aspx I used phpmailer class for beside of the ex...

6.8 AI score
Exploits: 0
Exploit DB
added 2014/01/17 12:0 a.m., 37 views

SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting

Click Me, Please...\r\n NOTE: javascript html char encode = then you will be able to get into the victim's mailbox via the url: http://WebSite/Smarter/Default.aspx I used phpmailer class for beside of the exploit so you need to download it here and run...

7.4 AI score
Exploits: 0
ThreatPost
added 2014/01/14 11:46 a.m., 10 views

Icefog Cyberespionage Campaign Hit 3 US Oil, Gas Companies

When the curtain was peeled back on the Icefog targeted espionage campaign in September, a new type of operator was unveiled, one that took the persistence out of advanced persistent threats APT. Researchers at Kaspersky Lab noted in uncovering Icefog that the attacks against the defense supply...

0.4 AI score
Exploits: 0, References: 4
0day.today
added 2014/01/14 12:0 a.m., 32 views

iScripts MultiCart <= 2.4 - Persistent XSS / CSRF / XSS+CSRF Mass Accounts takeover

Exploit for php platform in category web applications Exploit Title : iScripts MultiCart same product id for which you submited the review. Cross-site request forgery form nam...

7.1 AI score
Exploits: 0
Packet Storm
added 2014/01/13 12:0 a.m., 21 views

Car Rental Script Cross Site Request Forgery / Cross Site Scripting

Car Rental Script - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/car-rental/ .:. Tested On Demo :...

0.5 AI score
Exploits: 0
Vulnerability Lab
added 2014/01/13 12:0 a.m., 71 views

Microsoft Sharepoint - Filter Bypass & Persistent Issues

Document Title: =============== Microsoft Sharepoint - Filter Bypass & Persistent Issues References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1027 View Video 1: http://www.youtube.com/watch?v=L9n-JFog9K8 View Video 2: http://www.youtube.com/watch?v=xbp0gyPDGko Advisory:...

7.1 AI score
Exploits: 0
Vulnerability Lab
added 2014/01/13 12:0 a.m., 226 views

Microsoft Sharepoint - Bypass & Persistent Vulnerability

Document Title: =============== Microsoft Sharepoint - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1024 Microsoft Security Response Center MSRC ID: 15181 Release Date: ============= 2014-01-13 Vulnerability Laborator...

7.1 AI score
Exploits: 0
Vulnerability Lab
added 2014/01/13 12:0 a.m., 68 views

Microsoft Sharepoint - Bypass & Persistent Vulnerability

Document Title: =============== Microsoft Sharepoint - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1024 Microsoft Security Response Center MSRC ID: 15181 Release Date: ============= 2014-01-13 Vulnerability Laborator...

7.4 AI score
Exploits: 0
Vulnerability Lab
added 2014/01/13 12:0 a.m., 15 views

Microsoft Sharepoint - Filter Bypass & Persistent Issues

Document Title: =============== Microsoft Sharepoint - Filter Bypass & Persistent Issues References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1027 View Video 1: http://www.youtube.com/watch?v=L9n-JFog9K8 View Video 2: http://www.youtube.com/watch?v=xbp0gyPDGko Advisory:...

7.4 AI score
Exploits: 0
securityvulns
added 2014/01/09 12:0 a.m., 77 views

[CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin

Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...

4.3 CVSS, 9.3 AI score, 0.05406 EPSS
Exploits: 9