Lucene search

7647 matches found

Atlassian
added 2012/08/03 3:17 a.m.
23 views

XSS vulnerability in the "import word document" page action through the page name

On the "import word document" page action the name of the confluence page is a persistent xss vector as it is not encoded. How to Reproduce: 1. Create a confluence page with the following title noformat XSS"/alert'XSS' noformat 2. Navigate to the created page 3. Under the tools menu select "Impor...

0.6 AI score
Exploits: 0
Affected Software: 1

Atlassian
added 2012/08/03 3:17 a.m.
16 views

XSS vulnerability in the "import word document" page action through the page name

On the "import word document" page action the name of the confluence page is a persistent xss vector as it is not encoded. How to Reproduce: 1. Create a confluence page with the following title noformat XSS"/alert'XSS' noformat 2. Navigate to the created page 3. Under the tools menu select "Impor...

0.6 AI score
Exploits: 0

Vulnerability Lab
added 2012/08/03 12:0 a.m.
26 views

eFront Educational v3.6.11 - Multiple Web Vulnerabilities

Document Title: =============== eFront Educational v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=666 Release Date: ============= 2012-08-03 Vulnerability Laboratory ID VL-ID: ==================================== 6...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2012/08/03 12:0 a.m.
12 views

eFront Educational v3.6.11 - Multiple Web Vulnerabilities

Document Title: =============== eFront Educational v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=666 Release Date: ============= 2012-08-03 Vulnerability Laboratory ID VL-ID: ==================================== 6...

0.1 AI score
Exploits: 0

exploitpack
added 2012/08/02 12:0 a.m.
11 views

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54773/info Barracuda Email Security Service is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage...

0.5 AI score
Exploits: 0

Packet Storm
added 2012/08/02 12:0 a.m.
33 views

Barracuda EMail Security 2.0.2 Filter Bypass / XSS

Title: ====== Barracuda EMail Security 2.0.2 - Multiple Web Vulnerabilities Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=621 http://www.vulnerability-lab.com/getcontent.php?id=630 Barracuda Networks Security ID: BNSEC-304 VL-ID: ===== 621 Commo...

0.1 AI score
Exploits: 0

Vulnerability Lab
added 2012/08/02 12:0 a.m.
15 views

Kaspersky Password Manager - Filter Bypass Vulnerability

Document Title: =============== Kaspersky Password Manager - Filter Bypass Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=674 Download: http://www.vulnerability-lab.com/resources/videos/674.wmv View: http://www.youtube.com/watch?v=8D86ic9opYE Advisory:...

7.4 AI score
Exploits: 0

0day.today
added 2012/08/01 12:0 a.m.
19 views

Inout Mobile Webmail APP Persistent XSS Vulnerability

Exploit for php platform in category web applications Inout Mobile Webmail APP - Multiple Web Vulnerabilities Details: ======== Multiple persistent input validation vulnerabilities are detected in the inoutscripts mobile Inoutmail CMS 2012. The bugs allow remote attackers to implement/inject...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2012/07/31 12:0 a.m.
14 views

Barracuda EMail Security 2.0.2 - Multiple Web Vulnerabilities

Document Title: =============== Barracuda EMail Security 2.0.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=621 http://www.vulnerability-lab.com/getcontent.php?id=563 Barracuda Networks Security ID: BNSEC-304 Release Dat...

0.3 AI score
Exploits: 0

Vulnerability Lab
added 2012/07/30 12:0 a.m.
16 views

Social Engine v4.2.5 - Multiple Web Vulnerabilities

Document Title: =============== Social Engine v4.2.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=672 Release Date: ============= 2012-07-30 Vulnerability Laboratory ID VL-ID: ==================================== 672...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2012/07/30 12:0 a.m.
15 views

Social Engine v4.2.5 - Multiple Web Vulnerabilities

Document Title: =============== Social Engine v4.2.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=672 Release Date: ============= 2012-07-30 Vulnerability Laboratory ID VL-ID: ==================================== 672...

0.2 AI score
Exploits: 0

Packet Storm
added 2012/07/27 12:0 a.m.
20 views

rdtax.myeg.com.my Cross Site Scripting

Exploit Title: rdtax.myeg.com.my XSS Vulnerability Date: 27/07/2012 Author: Ryuzaki Lawlet Web/Blog: http://justryuz.blogspot.com Category: webapps Security:RISK: normal Vendor or Software Link: Google dork: - Tested on: Linux Exploit/p0c : http://localhost:80/path/path/chooseIns.jsp?agent= Proof...

7.4 AI score
Exploits: 0

Packet Storm
added 2012/07/27 12:0 a.m.
30 views

Social Engine 4 Cross Site Scripting

===================================================== Social Engine 4 Persistent XSS & Non-Persistent XSS ===================================================== :----------------------------------------------------------------------------------------------------------------------------------------...

7.4 AI score
Exploits: 0

ThreatPost
added 2012/07/23 10:58 a.m.
13 views

Firms Need 'Tough Love' In Struggle Against APTs

Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating...

6.4 AI score
Exploits: 0
References: 5

securityvulns
added 2012/07/23 12:0 a.m.
319 views

PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities

Title: ====== PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=623 VL-ID: ===== 625 Common Vulnerability Scoring System: ==================================== 4.5 Introduction: ============= PBBoard...

0.5 AI score
Exploits: 0

securityvulns
added 2012/07/23 12:0 a.m.
167 views

SMF Board v2.0.2 - Multiple Web Vulnerabilities

Title: ====== SMF Board v2.0.2 - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=596 VL-ID: ===== 624 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: ============= Simple...

Exploits: 0

securityvulns
added 2012/07/23 12:0 a.m.
156 views

AVAVoIP v1.5.12 - Multiple Web Vulnerabilities

Title: ====== AVAVoIP v1.5.12 - Multiple Web Vulnerabilities Date: ===== 2012-06-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=437 VL-ID: ===== 611 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= Designed fr...

7.2 AI score
Exploits: 0

securityvulns
added 2012/07/23 12:0 a.m.
87 views

Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability

Title: ====== Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability Date: ===== 2012-05-29 References: =========== http://www.blackboard.com/Platforms/Learn/Overview.aspx VL-ID: ===== 580 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2012/07/23 12:0 a.m.
62 views

Apache Struts 2 struts2-rest-showcase orders 'clientName' Parameter Persistent XSS

The remote web server hosts Struts2-rest-showcase, a demonstration application for the Struts 2 framework. Input passed via the 'clientName' parameter to the orders page is not properly sanitized, which can allow for arbitrary HTML and script code to be loaded onto the system and executed when a...

4.3 CVSS
8.6 AI score
0.58476 EPSS
Exploits: 1
References: 3

exploitpack
added 2012/07/22 12:0 a.m.
14 views

ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting Blind SQL Injection Remote Code Execution

ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting Blind SQL Injection Remote Code Execution / Exploit Title: Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE Date: Jul 22 2012 Author: muts Version: Ipswitch WhatsUp Gold 15.02 Vendor URL: http://www.ipswitch.com/ An attacker c...

0.1 AI score
Exploits: 0