Lucene search

8202 matches found

Prion
added 2013/12/10 7:55 p.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to...

3.5 CVSS, 5.4 AI score, 0.00759 EPSS
Exploits 0, References 2, Affected Software 3
RedHat Linux
added 2013/11/07 4:45 p.m., 4 views

OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS...

2.6 CVSS, 6.8 AI score, 0.03864 EPSS
Exploits 0, References 5
0day.today
added 2013/11/01 12:0 a.m., 22 views

Quick Paypal Payments 3.0 - Presistant XSS (0day)

Exploit for php platform in category web applications | TITLE: Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability | AUTHOR: Zy0d0x | BLOG: https://zy0d0x.com | DATE: 10/08/2013 | VENDOR: Quick Plugins - http://quick-plugins.com/ | AFFECTED PRODUCT: ...

7.1 AI score
Exploits 0
Packet Storm
added 2013/10/18 12:0 a.m., 21 views

Quick Paypal Payments Cross Site Scripting

TITLE: Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability | AUTHOR: Zy0d0x | BLOG: https://zy0d0x.com | DATE: 10/08/2013 | VENDOR: Quick Plugins - http://quick-plugins.com/ | AFFECTED PRODUCT: Quick Paypal Payments Wordpress Plugin Version 3.0...

0.4 AI score
Exploits 0
exploitpack
added 2013/10/17 12:0 a.m., 19 views

WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting

WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting | TITLE: Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability | AUTHOR: Zy0d0x | BLOG: https://zy0d0x.com | DATE: 10/08/2013 | VENDOR: Quick Plugins - http://quick-plugins.com/ | AFFECTED...

0.2 AI score
Exploits 0
Exploit DB
added 2013/10/17 12:0 a.m., 21 views

WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting

TITLE: Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability | AUTHOR: Zy0d0x | BLOG: https://zy0d0x.com | DATE: 10/08/2013 | VENDOR: Quick Plugins - http://quick-plugins.com/ | AFFECTED PRODUCT: Quick Paypal Payments Wordpress Plugin Version 3.0...

7.4 AI score
Exploits 0
0day.today
added 2013/10/09 12:0 a.m., 16 views

Wordpress Quick Contact Form Plugin 6.0 - Persistent XSS

Exploit for php platform in category web applications | TITLE: Quick Contact Form - Persistent Cross Site Scripting Vulnerability | AUTHOR: Zy0d0x | DATE: 10/06/2013 | VENDOR: Quick Plugins - http://quick-plugins.com/ | AFFECTED PRODUCT: Quick Contact Form Wordpress...

7.1 AI score
Exploits 0
MSRC
added 2013/10/08 7:0 a.m., 9 views

Assessing risk for the October 2013 security updates

Today we released eight security bulletins addressing 25 CVE’s. Four bulletins have a maximum severity rating of Critical while the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...

7 AI score
Exploits 0
Packet Storm
added 2013/10/08 12:0 a.m., 18 views

WordPress Quick Contact Form 6.0 Cross Site Scripting

-alertString.fromCharCode90,121,48,100,48,120 --- SNIP --- If the message has been sent successfully, an alert dialog will appear containing Zy0d0x when a user checks their message in the...

0.2 AI score
Exploits 0
Exploit DB
added 2013/10/08 12:0 a.m., 29 views

WordPress Plugin Quick Contact Form 6.0 - Persistent Cross-Site Scripting

7.4 AI score
Exploits 0
Packet Storm
added 2013/09/19 12:0 a.m., 24 views

Ajax File And Image Manager 1.1 Code Execution

PT-2013-41 | Positive Technologies Security Advisory | Arbitrary Code Execution in Ajax File and Image Manager | Vulnerable software: Ajax File and Image Manager | Version: 1.1 and...

0.5 AI score
Exploits 0
OpenVAS
added 2013/09/18 12:0 a.m., 39 views

Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)

Multiple vulnerabilities have been found in Iceweasel, the Debian web browser based on Mozilla Firefox: CVE-2012-5829: Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. CVE-2012-5842: Multiple unspecified vulnerabilities in the...

10 CVSS, 0.9 AI score, 0.08439 EPSS
Exploits 4, References 1
0day.today
added 2013/09/02 12:0 a.m., 22 views

Modsecurity Cross Site Scripting Bypass Vulnerability

Modsecurity suffers from a cross site scripting bypass vulnerability. | Product: Modsecurity | Author: Rafay Baloch | Company: RHAINFOSEC | Website: http://services.rafayhackingarticles.net | Reported: 8/8/2013 | Fixed: 25/8/2013 | Status: Fixed | Introduction: The ModSecurity firewall i...

6.8 AI score
Exploits 0
Packet Storm
added 2013/08/31 12:0 a.m., 27 views

Modsecurity Cross Site Scripting Bypass

Product: Modsecurity | Author: Rafay Baloch | Company: RHAINFOSEC | Website: http://services.rafayhackingarticles.net | Reported: 8/8/2013 | Fixed: 25/8/2013 | Status: Fixed | Introduction: The ModSecurity firewall is one of the most known WAF around, it has an online smoke test where w...

Exploits 0
ThreatPost
added 2013/08/27 8:26 p.m., 9 views

Syrian Electronic Army Hack Results in Compromise of Domain Data For NY Times, Twitter

The Syrian Electronic Army, a group known for attacking high-profile media sites in the last year or so, has in the last few hours compromised the domain information for a large number of sites, including the New York Times home page and some of Twitter’s domains. Security researchers say that th...

0.7 AI score
Exploits 0, References 6
OpenVAS
added 2013/08/20 12:0 a.m., 17 views

Fedora Update for autotrace FEDORA-2013-11904

Check for the Version of autotrace | OpenVAS Vulnerability Test | Fedora Update for autotrace FEDORA-2013-11904 | Authors: System Generated Check | Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net | This program is free software; you can redistribute it and/or modify it under t...

6.8 CVSS, 0.3 AI score, 0.01731 EPSS
Exploits 0, References 2
Exploit DB
added 2013/08/12 12:0 a.m., 103 views

Ruby on Rails - Known Secret Session Cookie Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank =...

7 AI score
Exploits 0
OpenVAS
added 2013/08/12 12:0 a.m., 30 views

Fedora Update for openstack-keystone FEDORA-2013-10713

Check for the Version of openstack-keystone | OpenVAS Vulnerability Test | Fedora Update for openstack-keystone FEDORA-2013-10713 | Authors: System Generated Check | Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net | This program is free software; you can redistribute it and/or...

6.8 CVSS, 9.8 AI score, 0.04863 EPSS
Exploits 3, References 2
0day.today
added 2013/08/11 12:0 a.m., 33 views

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This Metasploit module implements remote command execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can be usually found in the file "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves...

7.2 AI score
Exploits 0
Packet Storm
added 2013/08/11 12:0 a.m., 49 views

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 NullSe...

0.2 AI score
Exploits 0