897 matches found
Urban Dictionary: Session replay vulnerability in www.urbandictionary.com
Session replay vulnerability in www.urbandictionary.com I considered titling this bug "Session tokens not expiring", which is what you need to tell your development team. But I titled it as I did to emphasize at least one attack made possible by the bug. There may be others. Description Privilege...
WordPress Google Analytics Dashboard 2.1.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Cross-Site Scripting in Google Analytics Dashboard WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...
WordPress User Login Log 2.2.1 Cross Site Scripting
------------------------------------------------------------------------ Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin ------------------------------------------------------------------------ Axel Koolhaas, July 2016...
WordPress Magic Fields 1 1.7.1 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting in Magic Fields 1 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016 ----------------------------------------------------------------------...
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/storedcrosssitescriptingvulnerabilityinuserloginlogwordpressplugin.html Abstract A stored Cross-Site Scripting vulnerability was found in the User Login Log WordPress Plugin. This issue can be exploited by Subscriber or higher and allows an attacker to...
CVE-2016-9703
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information...
IBM Security Identity Manager Virtual Appliance Local Information Disclosure Vulnerability
IBM Security Privileged Identity Manager is an enterprise identity management security solution. The IBM Security Identity Manager Virtual Appliance does not properly log out of session tokens, which can allow unauthorized users to gain access to sensitive workstation information...
SAP NetWeaver AS JAVA 7.3 AS JAVA XSS in ctcprotocol/Protocol servlet
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.3 Vendor URL: SAP Bugs: XXS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2406783 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS...
WordPress Image Gallery 1.9.65 Cross Site Scripting Vulnerability
WordPress Image Gallery plugin version 1.9.65 suffers from a persistent cross site scripting vulnerability. ------------------------------------------------------------------------ Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin...
WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery
!-- Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptingininstagramfeedpluginviacsrf.html Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF Abstract A persistent Cross-Site Scripting vulnerability was found in the Instagram Feed plugin. This issue allows an...
WordPress Huge IT Portfolio Gallery 2.0.77 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin ------------------------------------------------------------------------ Antonis Manaras, July 2016...
WordPress Canvas - Shortcodes 1.92 Cross Site Scripting
------------------------------------------------------------------------ Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...
ShopZilla Comparision Shopping Script 2.3 Cross Site Scripting
======================================================================== | Title : shopzilla Comparison Shopping Script v2.3 xss vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : v2.3 | Vendor :...
WordPress Google Maps 6.3.14 Cross Site Request Forgery
------------------------------------------------------------------------ Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF ------------------------------------------------------------------------ Sipke Mellema, July 2016...
WordPress Calendar 1.3.7 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting in Calendar WordPress Plugin ------------------------------------------------------------------------ Remco Vermeulen, July 2016 ------------------------------------------------------------------------...
WordPress Quotes Collection 2.0.5 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...
WordPress Calendar 1.3.7 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Cross-Site Scripting in Calendar WordPress Plugin ------------------------------------------------------------------------ Remco Vermeulen, July 2016...
WordPress Caldera Forms 1.3.5.3 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin ------------------------------------------------------------------------ Jurgen Kloosterman, July 2016...
Codoforum 3.4 Build 19 Cross Site Scripting
======================================================================== | Title : codoforum.v.3.4.build-19 XSS vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : 5.2.0 | Vendor : http://codoforum.com/ | Dork : Powered by...
Kure 0.7.1 Cross Site Scripting
======================================================================== | Title : kure-0.7.1 XSS vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : 0.7.1 | Vendor :...