vBShout - Persistent Cross-Site Scripting

Exploit Title: vBShout persistent XSS 0day Google Dork: "DragonByte Technologies Ltd" vbshout Date: 21/3/2012 9:00 PM EST Author: ToiL Software Link: http://www.dragonbyte-tech.com/ Version: all Tested on: all CVE : XSS Greeting from Team Odyessy. Today we will release a 0day for the vBulletin mo...

Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities

Title: ====== Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=470 VL-ID: ===== 470 Introduction: ============= SysAid IT Enterprise Edition is an IT management solution that includes a suite of...

Wolf CMS v0.7.5 - Multiple Web Vulnerabilities

Title: ====== Wolf CMS v0.7.5 - Multiple Web Vulnerabilities Date: ===== 2012-02-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=452 VL-ID: ===== 452 Introduction: ============= Wolf CMS is a content management system and is Free Software published under the GNU...

Kongreg8 1.7.3 Mutiple XSS

Exploit Title: Kongreg8 1.7.3 Mutiple XSS Date: 02/24/12 Author: G13 Software Link: https://sourceforge.net/projects/kongreg8/ Version: 1.7.3 Category: webapps php Vulnerability Kongreg8 1.7.3 has multiple XSS vulnerabilites. These vulnerabilities are in the Add Member and Add Group functions...

Kayako Fusion Help Desk Cross Site Scripting

Exploit Title: Kayako Fusion Cross Site Scripting Date: 17.03.2012 Author: Sony Software Link: http://www.kayako.com/ Version: all version Google Dorks: inurl:Base/UserRegistration/ or intitle:Powered by Kayako Fusion Help Desk Software Web Browser : Mozilla Firefox Site : http://insecurity.ro Po...

FlexCMS 3.2.1 Cross Site Scripting

Persistent XSS in FLEXCMS 3.2.1 Software vendor: http://www.flexcms.com/flex/index.html The Persistent XSS appears when any user go to edit profile Display name and then injects the xss code instead of his display name. After inkection this code. In the main page of the webiste, there is "Users...

FlexCMS 3.2.1 - Persistent Cross-Site Scripting

FlexCMS 3.2.1 - Persistent Cross-Site Scripting Persistent XSS in FLEXCMS 3.2.1 Software vendor: http://www.flexcms.com/flex/index.html The Persistent XSS appears when any user go to edit profile Display name and then injects the xss code instead of his display name. After inkection this code. In...

FlexCMS 3.2.1 for logged in users XSS

Exploit for php platform in category web applications Persistent XSS in FLEXCMS 3.2.1 Software vendor: http://www.flexcms.com/flex/index.html The Persistent XSS appears when any user go to edit profile Display name and then injects the xss code instead of his display name. After inkection this...

FlexCMS 3.2.1 - Persistent Cross-Site Scripting

Persistent XSS in FLEXCMS 3.2.1 Software vendor: http://www.flexcms.com/flex/index.html The Persistent XSS appears when any user go to edit profile Display name and then injects the xss code instead of his display name. After inkection this code. In the main page of the webiste, there is "Users...

Microsoft Bing Flash Editor Cross Site Scripting

Title: ====== Microsoft Bing - Editor Flash Component Vulnerability Date: ===== 2012-03-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=449 MSRC ID1: 12173 MSRC ID2: 12227 Credits: http://technet.microsoft.com/en-us/security/cc308589 VL-ID: ===== 449 Introduction:...

Max Guestbook 1.0 - Multiple Vulnerabilities

Max Guestbook 1.0 - Multiple Vulnerabilities Exploit Title: Maxs Guestbook Google Dork: "Powered by PHP F1" Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://www.phpf1.com/download.html?dl=18 Version: 1.0 Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...

Microsoft Bing - Persistent Web Service Vulnerability

Document Title: =============== Microsoft Bing - Persistent Web Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=449 MSRC ID1: 12173 MSRC ID2: 12227 Release Date: ============= 2012-03-14 Vulnerability Laboratory ID VL-ID:...

Max Guestbook 1.0 - Multiple Vulnerabilities

Exploit Title: Maxs Guestbook Google Dork: "Powered by PHP F1" Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://www.phpf1.com/download.html?dl=18 Version: 1.0 Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...

Simple Posting System - Multiple Vulnerabilities

Exploit Title: Simple Posting System Multple Google Dork: inurl:sps.php?old= or inurl:sps.php " Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://realize.be/files/sps.tar.gz Version: 1.0 Final Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...

Microsoft Bing - Persistent Web Service Vulnerability

Document Title: =============== Microsoft Bing - Persistent Web Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=449 MSRC ID1: 12173 MSRC ID2: 12227 Release Date: ============= 2012-03-14 Vulnerability Laboratory ID VL-ID:...

Max's Guestbook 1.0 Local File Inclusion / Path Disclosure

Exploit Title: Maxs Guestbook Google Dork: "Powered by PHP F1" Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://www.phpf1.com/download.html?dl=18 Version: 1.0 Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...

Simple Posting System 1.0 Final Local File Inclusion

Exploit Title: Simple Posting System Multiple Google Dork: inurl:sps.php?old= or inurl:sps.php " Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://realize.be/files/sps.tar.gz Version: 1.0 Final Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...

OpenShop - XSS / SQL Injection Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities

!-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Bridg...

Myheritage.com / Livemocha.com Cross Site Scripting

Date: 11.03.2012 Author: Sony Web Browser : Mozilla Firefox Blog: http://st2tea.blogspot.com .................................................................. Social Networks. 5-10 minute with hands. Intersting place for cross site scripting. 1. Myheritage.com We have a multiple persistent cross...