7647 matches found
Persistent xss within build and plan labels
Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...
persistent xss in a user's username within mentions within comments
A user's username is injected into the "rel" attribute of the user mention link without being encoded properly. This means that if the username contains a " character then new attributes can be injected into the user mention link element. Hence, providing a persistent xss vector. To reproduce thi...
Paypal BugBounty 5 Cross Site Scripting
Title: ====== Paypal BugBounty 5 - Persistent Web Vulnerability Date: ===== 2012-10-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=639 VL-ID: ===== 639 Common Vulnerability Scoring System: ==================================== 3.3 Introduction: ============= PayPal i...
vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities
Document Title: =============== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=721 Release Date: ============= 2012-10-08 Vulnerability Laboratory ID VL-ID: ==================================== 7...
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting Author: loneferret of Offensive Security Product: Web Help Desk by SolarWinds Version: 11.0.7 older versions may be affected Vendor Site: http://www.webhelpdesk.com Software Download: http://www.webhelpdesk.com/help-desk-software/...
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting
Author: loneferret of Offensive Security Product: Web Help Desk by SolarWinds Version: 11.0.7 older versions may be affected Vendor Site: http://www.webhelpdesk.com Software Download: http://www.webhelpdesk.com/help-desk-software/ Discovered: August 18th 2012 Disclosure: August 19th 2012: Reporte...
Interspire Email Marketer 6.0.1 XSS / SQL Injection
Title: ====== Interspire Email Marketer v6.0.1 - Multiple Vulnerabilities Date: ===== 2012-10-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=710 VL-ID: ===== 710 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
Potential persistent xss in fixCaseInNotifications.jsp
There is a difficult-to-exploit XSS in fixCaseInNotifications.jsp. We could not get it to trigger, but there are some scenarios where unescaped data can be displayed through fix method correctName, userNameToFix. The relevant code is as follows: code NotificationCaseFixer caseFixer = new...
Omnistar Mailer 7.2 - Multiple Vulnerabilities
Omnistar Mailer 7.2 - Multiple Vulnerabilities Title: ====== Omnistar Mailer v7.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=711 VL-ID: ===== 711 Common Vulnerability Scoring System:...
OPlayer 2.0.05 iPhone,iPod TC & iPad - Web Vulnerabilities
Document Title: =============== OPlayer 2.0.05 iPhone,iPod TC & iPad - Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=713 Release Date: ============= 2012-10-02 Vulnerability Laboratory ID VL-ID: ====================================...
OPlayer 2.0.05 iOS Cross Site Scripting
Title: ====== OPlayer v2.0.05 iOS - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=715 VL-ID: ===== 719 Common Vulnerability Scoring System: ==================================== 4.5 Introduction: ============= OPlayer...
Paypal BugBounty #9 - Persistent Web Vulnerabilities
Document Title: =============== Paypal BugBounty 9 - Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=646 Release Date: ============= 2012-10-01 Vulnerability Laboratory ID VL-ID: ==================================== 646...
Switchvox Asterisk 5.1.2 Cross Site Scripting
Title: ====== Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=700 VL-ID: ===== 700 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: =============...
GTA UTM Firewall GB 6.0.3 Cross Site Scripting
Title: ====== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 VL-ID: ===== 579 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= The...
Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities
Document Title: =============== Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=571 Release Date: ============= 2012-09-30 Vulnerability Laboratory ID VL-ID: ====================================...
Fortigate UTM WAF Appliance Multiple Vulnerabilities
Multiple input validation vulnerabilities (persistent) are detected in the FortiGate UTM Appliance Application. Remote attackers & low privileged user accounts can inject their own persistent malicious script code to manipulate specific customer/admin requests. Affected Products: ==================...
GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities
Document Title: =============== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=579 Release Date: ============= 2012-09-29 Vulnerability Laboratory ID VL-ID: ==================================== 57...
Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks
Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week...