Pirelli ADSL22+ Wireless Router P.DGA4001N - Information Disclosure

Pirelli ADSL22+ Wireless Router P.DGA4001N - Information Disclosure - Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar - Author: Eduardo Novella @enovella [email protected] - Version: Tested on firmware version...

Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure

Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar - Author: Eduardo Novella @enovella [email protected] - Version: Tested on firmware version PDGTEFSP4.06L.6 - Shodan dork : + "Dropbear 0.46 country:es" From now on...

Prolink PRN2001 Multiple Vulnerabilities

This host is Prolink PRN2001 and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Nibbleblog 4.0.1 Cross Site Scripting Vulnerability

NibbleBlog versions 4.0.1 and below suffer from a cross site scripting vulnerability ============================================= MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score...

CVE-2 0 1 4-1 7 7 2 – Internet Explorer Use After Free vulnerability detailed analysis-vulnerability warning-the black bar safety net

http://blog.trendmicro.com/trendlabs-security-intelligence/root-cause-analysis-of-cve-2014-1772-an-internet-explorer-use-after-free-vulnerability/ Translated from TrendLabs ! /Article/UploadPic/2014-11/2014111310206615.jpg We often see a wide variety of vulnerabilities, from the user-after-free...

Epicor Enterprise 7.4 - Multiple Vulnerabilities

No description provided by source. "Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associated CVEs: 1...

ZyXEL SBG-3300 Security Gateway Cross Site Scripting

Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7277 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko...

Epicor Enterprise 7.4 - Multiple Vulnerabilities

"Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associated CVEs: 1 CVE-2014-4311 Password values not mask...

Cisco Prime Data Center Network Manager 6.x XSS (uncredentialed check)

According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by a cross-site scripting vulnerability due to insufficient validation of input parameters by its web server component. Using a specially crafted URL...

Joomla! Spider Calendar Component <= 3.2.6 SQLi Vulnerability - Active Check

Joomla! Spider Calendar Component is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities

Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored xss vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...

SkaDate Lite 2.0 CSRF / Cross Site Scripting

SkaDate Lite 2.0 Mu...

Maccms V8 储存型xss（绕过360防护）

简要描述： rt 详细说明： 自带的360防护脚本对于xss过滤太弱， 留言处没有 对html代码进行实体转义，造成xss。 如，提交 "onerror="eval'\141\154\145\162\164\50\61\51'" 后台查看留言即可触发 加载远程js可偷cookie 漏洞证明：...

Mewsoft NetAuction 3.0 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5023/info NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious links. The attacker-supplied HTML code will b...

Webcam Corp Webcam Watchdog 4.0.1 sresult.exe Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10837/info Reportedly Webcam Corp Webcam Watchdog is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. This issue is due to a failure of the application to properly sanitize user-supplied...

XOOPS 1.0 RC3 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a us...

AneCMS 1.3 Persistant XSS Vulnerability

No description provided by source. Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that does not get...

ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities

No description provided by source. Title : ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://www.articlesetup.com/ Advisory : http://secpod.org/blog/?p=497...

Invision Power Board 1.0/1.1/1.2 Admin.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8381/info Invision Power Board admin.php script reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization performed by functions in an Invision Power Board...

Divine Content Server 5.0 Error Page Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8763/info It has been reported that Divine Content Server is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the 'pagename' attribute in the err...