83 matches found
Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Collaborative Lifecycle Management products (CVE-2013-0422)
Summary Potential security vulnerability issues may occur if you are using the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422 when using IBM Collaborative Lifecycle Management CLM products Rational Quality Manager, Rational Team Concert and Rational Requirements Compose...
Geldkarte - transaktionsid Cross Site Scripting Vulnerability
Document Title: =============== Geldkarte - transaktionsid Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2118 Release Date: ============= 2018-02-20 Vulnerability Laboratory ID VL-ID:...
Evolution Script CMS 5.3 Cross Site Scripting
Document Title: =============== Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2075 Release Date: ============= 2017-06-07 Vulnerability Laboratory ID VL-ID:...
Webgrind 'file' Parameter Cross-Site Scripting Vulnerability
Webgrind is a set of PHP execution time analysis tool . A cross-site scripting vulnerability exists in Webgrind's handling of the 'file' parameter, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it, which can be used to obtain a sensitive...
Cross-site scripting vulnerability in tcllib'::html::textarea' function
tcllib is a collection of packages for the Tcl programming language, distributed as both source code and precompiled binaries, and supporting a wide range of common operating systems: Windows, BSD, Unix, and Linux. A cross-site scripting vulnerability exists in the tcllib '::html::textarea'...
live800在线沟通平台客户端存储型XSS可攻击客服
简要描述: 帮朋友测试项目时无意间发现的。 详细说明: 我没有做过大量统计和测试,但根据我这几个月零零散散的测试我认为仍然存有大量的桌面应用,web应用和浏览器插件存有一摸一样的问题。 所以,这个XSS的输入点还是文件名。 漏洞证明: 首先我们构造这样的文件名: .jpg 随后通过http://x55.me/800.htm向客服发送文件,如下图: 现在切换到客服的应用界面,看发生了什么?...
Delphi and C++ Builder VCL library Buffer Overflow
1. Advisory Information Title: Delphi and C++ Builder VCL library Buffer Overflow Advisory ID: CORE-2014-0004 Advisory URL:http://www.coresecurity.com/core-labs/advisories/delphi-and-c-builder-vcl-library-buffer-overflow Date published: 2014-08-20 Date of last update: 2014-08-20 Vendors contacted...
用友人力资源管理软件SQL注入漏洞(无需登录,影响所有版本)
简要描述: 详细说明: 用友软件: 涉及客户非常多。都是大型国企、银行、能源、金融重要单位。 举例如下: 大连银行 http://zpyc.bankofdl.com 顺德农商行 http://career.sdebank.com 中国海洋石油总公司 http://zhaopin.cnooc.com.cn 北京市建筑设计研究院 www.biad.com.cn:88/ 民生银行 http://ehr.creditcard.cmbc.com.cn 中国中铁 http://61.232.6.108/ ....等等单位 直接谷歌搜 inurl:hrss/login.jsp inurl:hrss/r...
OTRS FAQ Module - Persistent XSS
No description provided by source. Exploit Title: OTRS Faq Module - Persistent XSS Date: 2-Apr-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.otrs.com Version: OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x Tested on: Perl CVE : CVE-2013-2637 OVERVIEW The OTRS ITSM FAQ Module 3.2...
FangMail储存型XSS
简要描述: http://www.fangmail.net/abous/Successcase.html 近10w客户? 详细说明: 邮件正文插入 即可触发。 漏洞证明:...
RealPlayer Heap-based Buffer Overflow Vulnerability
Advisory ID Internal CORE-2013-0903 1. Advisory Information Title: RealPlayer Heap-based Buffer Overflow Vulnerability Advisory ID: CORE-2013-0903 Advisory URL:https://www.coresecurity.com/core-labs/advisories/realplayer-heap-based-buffer-overflow-vulnerability Date published: 2013-12-17 Date of...
PDFCool Studio Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PDFCool Studio Buffer Overflow...
CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PDFCool Studio Buffer Overflow Vulnerability 1. Advisory Information Title: PDFCool Studio Buffer Overflow Vulnerability Advisory ID: CORE-2013-0828 Advisory URL:...
CS-Cart v3.0.4 configured with PayPal Standard Payments design vulnerability
Overview CS-Cart v3.0.4 and possibly other versions configured with PayPal Standard Payment is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that CS-Cart v3.0.4 configured with PayPal Standard...
osCommerce v2.3.1 with PayPal website payments standard module v1.0 design vulnerability
Overview osCommerce 2.3.1 and possibly other versions with the PayPal website payments standard module is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that osCommerce 2.3.1 using the PayPal websit...
iGuard Biometric Access Control - Multiple Vulnerabilities
Title: ====== iGuard Biometric Access Control - Multiple Vulnerabilities Date: ===== 2011-11-08 References: =========== 2011/Q3-4 URL: http://vulnerability-lab.com/getcontent.php?id=104 VL-ID: ===== 104 Introduction: ============= Each iGuard Biometric / Smart Card Security Appliance has a built-...
Social-Engineer Toolkit v1.0 - Latest Version Download
The Social Engineer Toolkit SET has been updated to version 1.0! We wrote about the Social Engineer's Toolkit in our old post here. This release is called the Devolution Release. "The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the hum...
CVE-2009-3571
Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...
Code injection
Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...
CVE-2009-3571
Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...