1634 matches found
Airties RT210 Cross Site Scripting
Airties RT210 Web Interface Stored XSS Vulnerability My + Discovered by: B3mB4m Contact : [email protected] + Greetz : SYS & & KnocKout & Septemb0x Software info |Hardware/Web App : Airties |Affected Version : AirRT210 |Official Web: http://www.airties.com |RISK : Hight...
[SECURITY] Fedora 22 Update: drupal7-ctools-1.7-1.fc22
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...
Threat Outbreak Alert RuleID14694: Email Messages Distributing Malicious Software on April 15, 2015
Medium Alert ID: 38393 First Published: 2015 April 15 13:41 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID14694 may contain the following files: Name | Si...
QAEngine Theme - Privilege Escalation
QAEngine vulnerability allows an attacker to have an administrator account on the target's website. PoC http://www.example.com/wp-admin/admin-ajax.php?action=ae-sync-user=createlogin=xADMINpass=xPASS=administrator...
WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download
Exploit Title: Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability | Exploit Author: Ashiyane Digital Security Team | Vendor Homepage :...
Aspose.Words Exporter < 2.0 - Unauthenticated Arbitrary File Download
The Aspose.Words Exporter WordPress plugin was affected by an Arbitrary File Download security vulnerability. The asposedocexporterdownload.php file of the plugin does not restrict access, check permissions or validate the file parameter, allowing an unauthenticated user to download any file from the...
Realms Wiki Cross Site Request Forgery
CSRF in Realms Wiki Vulnerability Report Mar 19, 2015 Product: Realms Wiki Website: http://realms.io/ Github: https://github.com/scragg0x/realms-wiki CVSS Score: 7.8 AV:N/AC:L/Au:N/C:N/I:C/A:N Realms Wiki is vulnerable to Cross-Site Request Forgery on all posts. Especially of concern are New, Edi...
WordPress Aspose Cloud eBook Generator File Download
Exploit Title: Wordpress Aspose-Cloud-eBook-Generator Plugin Arbitrary File Download Vulnerability | Exploit Author: Ashiyane Digital Security Team | Vendor...
openEMR 4.2.0 Cross Site Scripting / SQL Injection
Advisory: Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0 Advisory ID: SROEADV-2015-08 Author: Steffen Rösemann Affected Software: openEMR v.4.2.0 Release-date: 28th Dec 2014 Vendor URL: http://www.open-emr.org Vendor Status: patched CVE-ID: to be assigned after releas...
Blubrry PowerPress 6.0 Cross Site Scripting
Information: Advisory by Netsparker | Name: XSS Vulnerability in Blubrry PowerPress | Affected Software: Blubrry PowerPress | Affected Versions: 6.0 and possibly below | Vendor Homepage: https://wordpress.org/plugins/powerpress/ | Vulnerability Type: Cross-site Scripting | Severity: Important...
CMS b2evolution 5.2.0 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Advisory ID: SROEADV-2014-09 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/ Vendor Status: did not respond to issue CVE-ID: -...
Absolut Engine 1.73 - Multiple Vulnerabilities
CMS Absolute Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities. Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL:...
WordPress Frontend Uploader 0.9.2 Cross Site Scripting
Exploit Title: Wordpress Frontend Uploader Cross Site Scripting (XSS) Software Link: https://wordpress.org/plugins/frontend-uploader/ Author: SECUPENT Website: www.secupent.com Email: researchatsecupentdotcom Date: 27-12-2014 Version: 0.9.2 Exploit :...
RobotStats 1.0 SQL Injection
Title : RobotStats v1.0 robot param SQL Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.10.1-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
High-Tech Bridge Security Research Lab discovered vulnerability in Simple Email Form Joomla Extension, which can be exploited to perform Cross-Site Scripting (XSS) attacks against visitors and administrators of Joomla websites with installed plugin. 1) Reflected Cross-Site Scripting (XSS) in Simple...
PYSEC-2014-77
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as...
Axway Secure Transport 5.1 SP2 - Arbitrary File Upload (via Cross-Site Request Forgery)
function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "https://sftp.example.org/api/v1.0/files/", true); xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q...
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.9.1-1.fc21
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in MaxButtons WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against logged-in administrator. 1) Reflected Cross-Site Scripting (XSS) in MaxButtons wordpress plugin: CVE-2014-7181 Input passed via t...