Top Business Advertising - SQL Injection Vulnerabilities
Document Title: =============== Top Business Advertising - SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1786 Release Date: ============= 2016-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
ChitaSoft (Web-Application) - SQL Injection Vulnerability
Document Title: =============== ChitaSoft Web-Application - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1782 Release Date: ============= 2016-03-13 Vulnerability Laboratory ID VL-ID: ==================================== 17...
Netgear N300 Wireless Router Authentication Bypass Vulnerability
Netgear N300 wireless router is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-7537
Cross-site request forgery CSRF vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method...
WordPress No External Links 2.6.3 / 2.7.1 Open Redirect
^^^^^^^^^^^ ^ Exploit Title : Wordpress No External links Plugin Open Redirect ^ Exploit Author : Ashiyane Digital Security Team ^ Vendor Homepage : https://wordpress.org/plugins/wp-noexternallinks/ ^ Google Dork : "inurl:wp-content/plugins/wp-noexternallinks/goto.php" ^ Version : 2.7.1 & 2.6.3 ^...
Sawef - Send Attack Web Forms
SAWEF - Send Attack Web Forms DESCRIPTION The purpose of this tool is to be a Swiss army knife for anyone who works with HTTP. So far it is basic, bringing only some of the features we want it to have, but we can already see in this tool: - Email crawler on sites - Crawler for forms on the...
LineNity WP Premium Theme Local File Inclusion
Document Title: =============== LineNity WP Premium Theme - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1645 Release Date: ============= 2015-11-15 Vulnerability Laboratory ID VL-ID: ==================================== 164...
Y-R-S CMS 2015Q4 - (ID) SQL Injection Web Vulnerability
Document Title: =============== Y-R-S CMS 2015Q4 - ID SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1644 Release Date: ============= 2015-11-17 Vulnerability Laboratory ID VL-ID: ==================================== 1644...
Murgent CMS SQL Injection
Document Title: =============== Murgent CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1646 Release Date: ============= 2015-11-16 Vulnerability Laboratory ID VL-ID: ==================================== 1646 Common...
PT-2017-52: Information Disclosure in Rockwell Automation Micrologix 1100 and 1400 PLC
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Rockwell Automation Micrologix 1100 and 1400 PLC. The vulnerability in these programmable logic controllers, caused by sending user credentials to the web server using an HTTP GET method, allows an attacker...
LinuxOptic CMS 2009 Authentication Bypass Vulnerability
Exploit for php platform in category web applications Document Title: =============== LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability Product & Service Introduction: =============================== By employing the best brains in software programming, graphic designing and webmasters in o...
AirDroid ID - Client Side JSONP Callback Vulnerability
Document Title: =============== AirDroid ID - Client Side JSONP Callback Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1544 Release Date: ============= 2015-07-10 Vulnerability Laboratory ID VL-ID: ==================================== 154...
UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability
Document Title: =============== UBNT Bug Bounty 1 - Client Side Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1465 52988 Release Date: ============= 2015-08-17 Vulnerability Laboratory ID VL-ID:...
UBNT Bug Bounty #1 - CS Cross Site Scripting Vulnerability
Document Title: =============== UBNT Bug Bounty 1 - CS Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1465 52988 Release Date: ============= 2015-08-17 Vulnerability Laboratory ID VL-ID:...
BizIdea Design CMS 2015Q3 SQL Injection Vulnerability
BizIdea Design CMS 2015Q3 suffers from a remote SQL injection vulnerability. Document Title: =============== bizidea Design CMS 2015Q3 - SQL Injection Vulnerability Product & Service Introduction: =============================== http://www.bizidea.co.th Technical Details & Description:...
Zaption: Using GET method for account login with CSRF token leaking to external sites Via Referer.
HI At the time of login, the values are present in the URL along with the CSRF token. Also this URL is leaking to external sites in the HTTP REFERER. Here are some of those sites: dxzc9stvaxhhy.cloudfront.net bam.nr-data.net ssl.google-analytics.com usage.trackjs.com api.mixpanel.com...
GET to the vulnerability-vulnerability warning-the black bar safety net
This article is mainly about security vulnerabilities that arise from non-standard use of the GET method on today's Internet, focusing on scenarios in which GET requests are abused in account login systems and the attacks this enables. 0x01 GET method defined Between the client and server for...
mysql-lite-administrator XSS vulnerabilities
Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt Vendor: ============================================= code.google.com/p/mysql-lite-administrator Product:...
Symphony CMS 2.6.2
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt Vendor: ================================ www.getsymphony.com/download/ Product: ================================ Symphony CMS 2.6.2 Advisory Information:...