
6653 matches found

Hacker One
added 2016/06/27 5:22 p.m., 34 views

Mail.ru: Back Refresh Attack after registration and successful logout

About the vulnerability: The back, forward and refresh buttons of the browser can be used to steal the password of a previous user. In this article we examine the vulnerability and look at ways to solve them. A web browser has the functionality to store the recent pages browsed by the user in its...

7.2 AI score
Exploits: 0
exploitpack
added 2016/06/27 12:00 a.m., 13 views

CodoForum 3.4 - Persistent Cross-Site Scripting

CodoForum 3.4 - Persistent Cross-Site Scripting Exploit Title: Codoforum v3.4 Stored Cross-Site Scripting Stored XSS Google Dork: intext:"powered by codoforum" Date: 01/06/2016 Exploit Author: Ahmed Sherif OffensiveBits Vendor Homepage: http://codologic.com/page/ Software Link:...

6.8 AI score
Exploits: 0
exploitpack
added 2016/06/27 12:00 a.m., 28 views

Option CloudGate CG0192-11897 - Multiple Vulnerabilities

Option CloudGate CG0192-11897 - Multiple Vulnerabilities Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...

7.6 AI score
Exploits: 0
Exploit DB
added 2016/06/27 12:00 a.m., 39 views

Option CloudGate CG0192-11897 - Multiple Vulnerabilities

Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...

7.4 AI score
Exploits: 0
NVD
added 2016/06/23 12:59 a.m., 13 views

CVE-2016-1434

The license-certificate upload functionality on Cisco 8800 phones with software 11.01 allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010...

6.5 CVSS, 6.3 AI score, 0.00164 EPSS
Exploits: 0, References: 2
Japan Vulnerability Notes
added 2016/06/22 12:00 a.m., 25 views

JVN#75028871: CG-WLR300GNV Series does not limit authentication attempts

CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Impact An unauthenticated attacker within wireless range of the device may perfor...

5.3 CVSS, 5.5 AI score, 0.00338 EPSS
Exploits: 0
Openbugbounty
added 2016/06/11 10:52 p.m., 8 views

beiker.es XSS vulnerability

Vulnerable URL: http://www.beiker.es/es/search/searchresults?key=...

6.9 AI score
Exploits: 0
Openbugbounty
added 2016/06/10 8:49 p.m., 8 views

charles-rema.fr XSS vulnerability

Vulnerable URL: http://www.charles-rema.fr/recherche-index?t=''"/alert"openbugbounty"...

6.9 AI score
Exploits: 0
Openbugbounty
added 2016/06/10 8:40 p.m., 9 views

ville-coueron.fr XSS vulnerability

Vulnerable URL: http://www.ville-coueron.fr/recherche.html?q='"/alert"openbugbounty"...

6.9 AI score
Exploits: 0
Openbugbounty
added 2016/06/09 4:46 a.m., 14 views

knightfrank.com XSS vulnerability

Vulnerable URL: http://www.knightfrank.com/search?query=...

6.9 AI score
Exploits: 0
Exploit DB
added 2016/06/06 12:00 a.m., 47 views

Nagios XI 5.2.7 - Multiple Vulnerabilities

Nagios XI Multiple Vulnerabilities Affected versions: Nagios XI = 5.2.7 PDF:...

7.4 AI score
Exploits: 0
Openbugbounty
added 2016/06/05 8:30 a.m., 13 views

tatahousing.in XSS vulnerability

Vulnerable URL: http://tatahousing.in/search.php?action=06a943c59f33a34bb5924aaf72cd2995=%22%3E%3Cscript%3Efor%20%28;;%29%20alert%28document.domain%29%3C/script%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | ...

6.3 AI score
Exploits: 0
Openbugbounty
added 2016/06/03 3:14 p.m., 9 views

ubuy.com.tr XSS vulnerability

Vulnerable URL: https://www.ubuy.com.tr/tr/search/?cat=name=="/alert/openbugbounty/...

6.9 AI score
Exploits: 0
Kitploit
added 2016/05/30 11:09 p.m., 19 views

Bt2 - Blaze Telegram Backdoor Toolkit

bt2 is a Python-based backdoor in the form of an IM bot that uses the infrastructure and the feature-rich bot API provided by Telegram, slightly repurposing its communication platform to act as a C&C. Dependencies Telepot requests Installation $ sudo pip install telepot $ sudo pip install requests PS:...

7.5 AI score
Exploits: 0, References: 2
Hacker One
added 2016/05/28 12:08 p.m., 20 views

Bime: Bime Unable to load Data Sources

BIME is unable to load the data source when a user has created a large number of data sources, and as a result it throws an error popup and the end user can't do anything; the entire page is broken and data sources can't be deleted, which leaves the entire BIME functionality broken. This is Error Popup Messa...

7.2 AI score
Exploits: 0
Openbugbounty
added 2016/05/25 8:04 a.m., 13 views

central-lab.tabrizu.ac.ir XSS vulnerability

Vulnerable URL: http://central-lab.tabrizu.ac.ir/fa/search/index.html?SearchFolderName=contents=ResultView=zzz"...

6.9 AI score
Exploits: 0
Atlassian
added 2016/05/24 2:36 p.m., 20 views

The "Restrict to articles with labels" option doesn't restrict the customer portal from suggesting KB's other than those with the nominated Label

Summary: Currently we have the "Restrict to articles with labels", where you can specify the label for a request. When a customer is filling the summary for a request, SD will search the knowledge base for similar content from Confluence pages with that label. However, the customer portal sear...

Exploits: 0
OSV
added 2016/05/23 10:59 a.m., 6 views

CVE-2016-4951

The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation...

7.8 CVSS, 7.7 AI score
Exploits: 0, References: 15
Japan Vulnerability Notes
added 2016/05/16 12:00 a.m., 36 views

JVN#03975805: a-blog cms vulnerable to session management

a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a vulnerability in session management of the comment functionality. Impact: An arbitrary comment posted may be deleted or a commenter's e-mail address may be obtained by an unauthenticated remote attacker...

6.5 CVSS, 6.6 AI score, 0.00264 EPSS
Exploits: 0
Fedora
added 2016/05/14 11:42 p.m., 40 views

[SECURITY] Fedora 24 Update: glibc-2.23.1-7.fc24

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

7.5 CVSS, 2 AI score, 0.12185 EPSS
Exploits: 3