28 matches found
Podcast Generator 2.7 Cross Site Scripting
Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7 Information -------------------- Advisory by Netsparker Name: Stored Cross-site scripting in Podcast Generator 2.7 Affected Software: Podcast Generator Affected Versions: 2.7 Homepage: http://www.podcastgenerator.net/ Vulnerabilit...
OrangeForum 1.4.0 Open Redirection
Open Redirection Vulnerabilities in OrangeForum 1.4.0 Information -------------------- Advisory by Netsparker Name: Open Redirection Vulnerabilities in OrangeForum 1.4.0 Affected Software: OrangeForum Affected Versions: 1.4.0 Homepage: https://github.com/s-gv/orangeforum Vulnerability: Open...
Family Connections 3.7.0 Cross Site Scripting
Multiple Cross-site Scripting Vulnerabilities in Family Connections 3.7.0 Information -------------------- Advisory by Netsparker Name: Multiple Reflected Cross-site Scripting Vulnerabilities in Family Connections Affected Software: Family Connection Affected Versions: 3.7.0 Homepage:...
ZeewaysCMS - Multiple Vulnerabilities
Exploit for php platform in category web applications ZeewaysCMS Multiple Vulnerabilities Software - ZeewaysCMS Vendor Product Description - ZeewaysCMS is a Content Management System and a complete Web & Mobile Solution developed by Zeeways for Corporates, Individuals or any kind of Business need...
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities Systems Affected Product : ManageEngine Password Manager Pro Company : ZOHO Corp. Build Number : 8.1 to 8.3 and probably earlier versions Affected Versions : 8102 to 8302 and probably earlier versions Product Description...
Thomson Router TWG850-4U XSS / CSRF / Unauthenticated Access
System Affected Thomson Router HW Revision 2.0 VENDOR Thomson BOOT Revision 2.1.7i MODEL TWG850-4U Software Version ST9D.01.09 Serial Number 00939902404041 Firmware Name TWG850-4U-9D.01.09-100528-S-001.bin Vulnerabilities 1- Cross-Site Request Forgery 2- Unauthenticated access to resources 3-...
D-Link DVG-N5402SP Cross Site Scripting
DLink Multiple Cross Site Scripting Vulnerabilities Vendor : www.dlink.com Product Model: DVGN5402SP Published: 02/22/2016 Discovered by vesp3r Advisory Timeline ----------------- 02/05/2016 - Vendor notified No response Vulnerability ------------- Reflected Cross Site...
Visual Paradigm Server 10.0 Cross Site Scripting Vulnerability
Visual Paradigm Server version 10.0 suffers from a cross site scripting vulnerability. ================================================================ Visual Paradigm Server v10.0 - Cross Site Scripting XSS ================================================================ Information...
zTree 3.5.19.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in zTree v3 Affected Software : zTree Affected Versions: v3.5.19.1 and possibly below Vendor Homepage : https://github.com/zTree/zTreev3 Vulnerability...
Netgear Router Vulnerabilities Public Exploits
A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the companies that privately...
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal Exploit Title: ManageEngine ServiceDesk Plus Product Description ------------------- ServiceDesk Plus is an ITIL ready IT help desk software for organizations of all sizes. With advanced ITSM functionality and easy-to-use...
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities Exploit Title: FiyoCMS Multiple Vulnerabilities Date: 29 March 2015 Exploit Author: Mahendra Vendor Homepage: www.fiyo.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Version: 2.0.1.8, other version might be vulnerable. Tested : Kali Linux...
FiyoCMS 2.0.1.8 XSS / SQL Injection / URL Bypass
Exploit Title: FiyoCMS Multiple Vulnerabilities Date: 29 March 2015 Exploit Author: Mahendra Vendor Homepage: www.fiyo.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Version: 2.0.1.8, other version might be vulnerable. Tested : Kali Linux 1.0.9a-amd64 CVEs:...
OpenSchool Community Edition 2.2 XSS / Access Bypass Vulnerabilities
Exploit for php platform in category web applications Exploit Title: OpenSchool Community Edition version 2.2 Multiple Vulnerabilities Exploit Author: Mahendra Vendor Homepage: www.open-school.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Full version demo:...
CVE-2015-1178-xss-x-cart-ecommerce
CVE-2015-1178-xss-x-cart-ecommerce Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in X-CART e-Commerce software Affected Software : X-Cart Affected Versions: 5.1.8 and possibly below Vendor Homepage : https://www.x-cart.com Vulnerability Type : Cross-site...
CVE-2015-1180-xss-eventsentry
CVE-2015-1180-xss-eventsentry Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface Affected Software : EventSentry Affected Versions: 3.1.0 and possibly below Vendor Homepage : http://eventsentry.com/ Vulnerability Type :...
Mango Automation SCADA/HMI 2.4.0 Cross Site Scripting
CVE-2015-1179-xss-mango-automation-scada Information ----------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Mango Automation SCADA/HMI software Affected Software : Mango Automation Affected Versions: 2.4.0 and possibly below Vendor Homepage : http://infiniteautomation.com/...
EventSentry 3.1.0 Cross Site Scripting
CVE-2015-1180-xss-eventsentry Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface Affected Software : EventSentry Affected Versions: 3.1.0 and possibly below Vendor Homepage : http://eventsentry.com/ Vulnerability Type :...
tcpdump 4.6.2 - Geonet Decoder Denial of Service
tcpdump 4.6.2 - Geonet Decoder Denial of Service CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or...
tcpdump 4.6.2 Geonet Decoder Denial of Service Vulnerability
Exploit for multiple platform in category dos / poc CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or...