DCP-Portal 3.7/4.x/5.x/6.x forums.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

chCounter indirect SQL Injection and XSS Vulnerabilities

No description provided by source. Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...

Mambo Open Source 4.0.14 Server SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9196/info It has bee reported that Mambo Open Source 4.0.14 Server is prone to SQL injection attacks. The problem is said to occur due to insufficient sanitization of data passed to specific index.php variables. As a...

Barter Sites 1.3 Joomla Component Multiple Vulnerabilities

No description provided by source. Barter Sites 1.3 Component Joomla SQL Injection & Persistent XSS vulnerabilities Release Date Bug. 28-Oct-2011 Date Added. 01-Oct-2011 Vendor Notification Date. Never Product. Barter Sites Platform. Joomla Affected versions. 1.3 Type. Commercial Price. $99 Attac...

Wordpress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

No description provided by source. Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

NG WifiTransfer Pro 1.1 Local File Inclusion

Document Title: =============== NG WifiTransfer Pro 1.1 - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1260 Release Date: ============= 2014-04-28 Vulnerability Laboratory ID VL-ID: ==================================== 1260...

TigerCom My Assistant 1.1 Local File Inclusion

Document Title: =============== TigerCom My Assistant v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1268 Release Date: ============= 2014-05-23 Vulnerability Laboratory ID VL-ID: ===================================...

Assessing risk for the May 2014 security updates

Today we released eight security bulletins addressing 13 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your environmen...

OpenJDK: checkPackageAccess missing security check (Libraries, 8017291)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...

Android Browser and WebView addJavascriptInterface Code Execution

This Metasploit module exploits a privilege escalation issue in Android versions prior 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs...

OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commente...

ATI video drivers DoS

Video driver vulnerability leads to system crash. Browser flash plugin may be used as an attack vector...

Song Exporter 2.1.1 RS Local File Inclusion

Document Title: =============== Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1172 Release Date: ============= 2013-12-19 Vulnerability Laboratory ID VL-ID: ====================================...

Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

Document Title: =============== Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1172 Release Date: ============= 2013-12-18 Vulnerability Laboratory ID VL-ID: ====================================...

Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

Document Title: =============== Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1172 Release Date: ============= 2013-12-18 Vulnerability Laboratory ID VL-ID: ====================================...

OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS...

Quick Paypal Payments 3.0 - Presistant XSS (0day)

Exploit for php platform in category web applications TITLE ===== Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability AUTHOR ====== Zy0d0x BLOG ==== https://zy0d0x.com DATE ==== 10/08/2013 VENDOR ====== Quick Plugins - http://quick-plugins.com/ AFFECTED PRODUCT ================...

Quick Paypal Payments Cross Site Scripting

TITLE ===== Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability AUTHOR ====== Zy0d0x BLOG ==== https://zy0d0x.com DATE ==== 10/08/2013 VENDOR ====== Quick Plugins - http://quick-plugins.com/ AFFECTED PRODUCT ================ Quick Paypal Payments Wordpress Plugin Version 3.0...

WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting

WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting TITLE ===== Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability AUTHOR ====== Zy0d0x BLOG ==== https://zy0d0x.com DATE ==== 10/08/2013 VENDOR ====== Quick Plugins - http://quick-plugins.com/ AFFECTED...

WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting

TITLE ===== Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability AUTHOR ====== Zy0d0x BLOG ==== https://zy0d0x.com DATE ==== 10/08/2013 VENDOR ====== Quick Plugins - http://quick-plugins.com/ AFFECTED PRODUCT ================ Quick Paypal Payments Wordpress Plugin Version 3.0...