Vanilla Forums 2.0.18.4 - Tagging Persistent Cross-Site Scripting

Vanilla Forums 2.0.18.4 - Tagging Persistent Cross-Site Scripting Title: Vanilla Tagging Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 http://vanillaforums.org/download Create a new thread and post you...

Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities

Document Title: =============== Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=592 Release Date: ============= 2012-06-03 Vulnerability Laboratory ID VL-ID: ===================================...

Vanilla Forums 2.0.18.4 - Tagging Persistent Cross-Site Scripting

Title: Vanilla Tagging Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 http://vanillaforums.org/download Create a new thread and post your XSS as tag. I used alert'xss' You will have to use a proxy /...

Interspire Shopping Cart v6 - Multiple Web Vulnerabilities

Document Title: =============== Interspire Shopping Cart v6 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=593 Release Date: ============= 2012-06-02 Vulnerability Laboratory ID VL-ID: ====================================...

Interspire Shopping Cart v6 - Multiple Web Vulnerabilities

Document Title: =============== Interspire Shopping Cart v6 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=593 Release Date: ============= 2012-06-02 Vulnerability Laboratory ID VL-ID: ====================================...

Vanilla Forum Tagging Plugin Enchanced 1.0.1 - Persistent Cross-Site Scripting

Title: Vanilla Tagging Enchanced 1.0.1 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Tagging Enhanced plugin 1.0.1 http://vanillaforums.org/download http://vanillaforums.org/addon/tagging-plugin This...

iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilities

Document Title: =============== iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=588 Release Date: ============= 2012-06-01 Vulnerability Laboratory ID VL-ID: ====================================...

IXESHE Malware Avoids Easy Detection to Remain a Persistent Threat

Trend Micro today issued a report on an advanced persistent threat that uses stealthy data-stealing malware called IXESHE “i-sushi” to infect machines. So far it’s hit East Asian governments, Taiwanese electronics manufacturers and German telecommunications firms operating across Asia. Though the...

Syneto UTM WAF v1.5.1 - Multiple Web Vulnerabilities

Document Title: =============== Syneto UTM WAF v1.5.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=586 Release Date: ============= 2012-05-30 Vulnerability Laboratory ID VL-ID: ==================================== 586...

Syneto UTM WAF v1.5.1 - Multiple Web Vulnerabilities

Document Title: =============== Syneto UTM WAF v1.5.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=586 Release Date: ============= 2012-05-30 Vulnerability Laboratory ID VL-ID: ==================================== 586...

DHS To Critical Infrastructure Owners: Hold On To Data After Cyber Attack

The Department of Homeland Security Is Offering Organizations That Use Industrial Control Systems advice or mitigating the effects of cyber attacks. Among the agency’s recommendations: hold on to data from infected systems and prevent enemies from moving within your organization. DHS’s Industrial...

PHP Volunteer Management System 1.0.2 - Multiple Vulnerabilities

PHP Volunteer Management System 1.0.2 - Multiple Vulnerabilities Exploit Title: PHP Volunteer Management System v 1.0.2 Multiple Vulnerabilities Date: 05/28/12 Author: Ashoo Mail: [email protected] Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Tested on:...

PHP Volunteer Management System v 1.0.2 Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: PHP Volunteer Management System v 1.0.2 Multiple Vulnerabilities Date: 05/28/12 Author: Ashoo Mail: email protected Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Tested on: IIS6.0-Windows 2003 ToC...

Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability

Document Title: =============== Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability References Source: ==================== http://www.blackboard.com/Platforms/Learn/Overview.aspx Release Date: ============= 2012-05-28 Vulnerability Laboratory ID VL-ID: ===================================...

PHP Volunteer Management System 1.0.2 Cross Site Scripting / Shell Upload

Exploit Title: PHP Volunteer Management System v 1.0.2 Multiple Vulnerabilities Date: 05/28/12 Author: Ashoo Mail: [email protected] Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Tested on: IIS6.0-Windows 2003 ToC 1.0 Introduction 2.0 Unrestricted File Upload 3...

PHP Volunteer Management System 1.0.2 - Multiple Vulnerabilities

Exploit Title: PHP Volunteer Management System v 1.0.2 Multiple Vulnerabilities Date: 05/28/12 Author: Ashoo Mail: [email protected] Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Tested on: IIS6.0-Windows 2003 ToC 1.0 Introduction 2.0 Unrestricted File Upload 3...

E-mail Trends Show Hackers Working Weekends Less and Less

While there are an increasing number of weekends catered to hacking, even hackers need a day off – and it shouldn’t surprise many that increasingly, that day is usually Sunday. Network security company FireEye reviewed statistics on email-based attacks for 2012 that suggest that Sunday has slowed...

Social Engine 4.2.2 Cross Site Request Forgery / Cross Site Scripting

Social Engine 4.2.2 Multiples Vulnerabilities Earlier versions are also possibly vulnerable. INFORMATION Product: Social Engine 4.2.2 Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Discovered by: Tiago Natel de Moura aka "i4k" Discovered at: 10/04/2012 CVE Notified: 10/04/2012 CVE...

Microsoft Skype 5.11.0.102 - Login Page API Vulnerability

Document Title: =============== Microsoft Skype 5.11.0.102 - Login Page API Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=596 MSRC ID: 13166 Release Date: ============= 2012-05-23 Vulnerability Laboratory ID VL-ID:...

Microsoft Skype 5.11.0.102 - Login Page API Vulnerability

Document Title: =============== Microsoft Skype 5.11.0.102 - Login Page API Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=596 MSRC ID: 13166 Release Date: ============= 2012-05-23 Vulnerability Laboratory ID VL-ID:...