WordPress Claptastic clap! Button Plugin <= 1.3 - Cross Site Scripting (XSS)
This plugin is prone to a cross site scripting vulnerability, because it fails to sufficiently sanitize user-supplied input. Solution: Update the plugin...
Uber: Session retention is present which reveals the customer info
Issue: Session retention is present at partner.uber.com which reveals all sensitive data. Steps to reproduce: 1. Login to partner.uber.com under any driver profile 2. navigate to summary page or any page e.g. payment page 3. logout the application 4. press back button of the application application reveal...
Adobe Flash - SimpleButton Creation Type Confusion
Adobe Flash - SimpleButton Creation Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=640 There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this objec...
WordPress Booking Calendar Contact Form 1.0.23 Blind SQL Injection
Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin Ramirez Martinez i0 SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com...
WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities
WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin...
Getdpd Cross Site Scripting
Document Title: Getdpd Bug Bounty 1 - asm0option0 Persistent Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1464 ID: 14770. Release Date: 2016-02-02. Vulnerability Laboratory ID (VL-ID):...
UBUNTU-CVE-2016-1728
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site...
Google Chrome URL Forgery Vulnerability
Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the 'CustomButton::AcceleratorPressed' function in the ui/views/controls/button/custombutton.cc file in Google Chrome versions prior to 48.0.2564.82...
chromium-browser: various fixes from internal audits
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custombutton.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button...
CVE-2016-1616
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custombutton.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button...
Design/Logic Flaw
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custombutton.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button...
UBUNTU-CVE-2016-1616
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custombutton.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button...
CVE-2016-1616
CVE-2016-1616 in Google Chrome/Chromium prior to 48.0.2564.82: The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc allows remote attackers to spoof URLs via vectors involving an unfocused custom button. Impact is remote URL spoofing; likelihood and severity ...
CVE-2016-1616
Removed by vendor...
WordPress Twitter 2.37 Cross Site Scripting
Affected Version: 2.36 and most probably lower versions if any. Vulnerability: A3-Cross-Site Scripting XSS. Identified by: Madhu Akula. Technical Details: Minimum Level of Access Required: Administrator. PoC - Proof of Concept: In the following fields put the payload as below...
WordPress Facebook Like Button 2.32 Cross Site Scripting
Plugin Name: Facebook Like Button. Affected Version: 2.32 and most probably lower versions if any. Vulnerability: A3-Cross-Site Scripting XSS. Identified by: Madhu Akula. Technical Details: Minimum Level of Access Required: Administrator. PoC - Proof of Concept: The following field put the paylo...
Token Insert Entity - Moderately Critical - Access bypass and information disclosure - SA-CONTRIB-2015-171
This module offers a WYSIWYG button to embed rendered entities in fields using a WYSIWYG normally the body of a node. There is a vulnerability because a user that can create or edit content and has the "insert entity token" permission can insert tokens relating to e.g. an unpublished node and all...