1017 matches found

Patchstack
added 2015/05/15 12:0 a.m. | 7 views

WordPress External Video For Everybody Plugin <= 2.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution: Update plugin...

2.3 AI score
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2015/04/27 12:0 a.m. | 25 views

Hotspot Express hotEx Billing Manager <= 73 Multiple Vulnerabilities - Active Check

Hotspot Express hotEx Billing Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 6.5 AI score | 0.02846 EPSS
Exploits: 2 | References: 3

OpenVAS
added 2015/04/09 12:0 a.m. | 13 views

Balero CMS Multiple Vulnerabilities

Balero CMS is prone to multiple vulnerabilities.

7.3 AI score
Exploits: 0 | References: 4

Tenable Nessus
added 2015/03/26 12:0 a.m. | 34 views

Debian DLA-68-1 : fex security update

CVE-2014-3875 When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website. CVE-2014-3876 The parameter akey is reflected unfiltered as part of the HTML page. Some characters are forbidd...

6.1 CVSS | 6.4 AI score | 0.01914 EPSS
Exploits: 5 | References: 5

Check Point Advisories
added 2015/03/26 12:0 a.m. | 4 views

Microsoft Internet Explorer EUC-JP Character Encoding Cross Site Scripting - Ver2 (CVE-2013-3192)

A universal cross site scripting vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way that IE handles EUC-JP character encoding. A remote attacker could exploit this vulnerability by submitting specially crafted HTML code into a target web site that uses EUC-JP...

4.3 CVSS | 5.8 AI score | 0.12534 EPSS
Exploits: 0

Kitploit
added 2015/03/11 3:30 p.m. | 23 views

XSSYA v2.0 - Cross Site Scripting Scanner & Vulnerability Confirmation

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) is written in the Python scripting language and confirms the XSS vulnerability in two methods. The first works by executing the payload encoded to bypass a Web Application Firewall, which is the first method (request and response); if it responds 200 it turn...

6.2 AI score
Exploits: 0 | References: 1

OpenVAS
added 2015/03/06 12:0 a.m. | 76 views

Visualware MyConnection Server <= 8.2b Multiple XSS Vulnerabilities

Visualware MyConnection Server is prone to multiple cross-site scripting (XSS) vulnerabilities.

4.3 CVSS | 6.1 AI score | 0.01012 EPSS
Exploits: 2 | References: 1

Hacker One
added 2015/03/05 11:34 a.m. | 27 views

X (Formerly Twitter): XSS in original referrer after follow

Hey hi, There is an XSS in the intent functionality. Steps to reproduce: 1. Copy paste the following link: https://twitter.com/intent/favorite/complete?tweetid=572435913768366080&alreadyfavorited=false&originalreferer=javascript:alert%281%29; 2. Click follow 3. Now click return...

6.6 AI score
Exploits: 0

Drupal
added 2015/02/18 12:0 a.m. | 21 views

SA-CONTRIB-2015-048 - Avatar Uploader - Arbitrary PHP code execution

Avatar Uploader module provides an alternative way to upload user pictures. The module doesn't sufficiently enforce file extensions when an avatar is uploaded, allowing users to bypass Drupal's normal file upload protections to install malicious HTML or executable code to the server. This...

6.5 CVSS | 7 AI score | 0.01844 EPSS
Exploits: 0 | References: 11

0day.today
added 2015/01/07 12:0 a.m. | 85 views

Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure Vulnerability

ADB BroadBand Pirelli ADSL2/2+ wireless router version P.DGA4001N suffers from multiple unauthenticated remote information disclosure vulnerabilities. - Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar - Author:...

9.4 CVSS | 0.3 AI score | 0.39797 EPSS
Exploits: 6

exploitpack
added 2015/01/07 12:0 a.m. | 39 views

Pirelli ADSL22+ Wireless Router P.DGA4001N - Information Disclosure

Pirelli ADSL22+ Wireless Router P.DGA4001N - Information Disclosure - Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar - Author: Eduardo Novella @enovella [email protected] - Version: Tested on firmware version...

9.4 CVSS | 6.4 AI score | 0.39797 EPSS
Exploits: 6

Packet Storm
added 2015/01/06 12:0 a.m. | 67 views

Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure

Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar - Author: Eduardo Novella @enovella [email protected] - Version: Tested on firmware version PDGTEFSP4.06L.6 - Shodan dork : + "Dropbear 0.46 country:es" From now on...

9.4 CVSS | 6.6 AI score | 0.39797 EPSS
Exploits: 6

OpenVAS
added 2014/12/04 12:0 a.m. | 15 views

Prolink PRN2001 Multiple Vulnerabilities

This host is Prolink PRN2001 and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3 AI score
Exploits: 0 | References: 1

0day.today
added 2014/11/18 12:0 a.m. | 25 views

Nibbleblog 4.0.1 Cross Site Scripting Vulnerability

NibbleBlog versions 4.0.1 and below suffer from a cross site scripting vulnerability. MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score...

6.6 AI score
Exploits: 0

myhack58
added 2014/11/13 12:0 a.m. | 14 views

CVE-2014-1772 - Internet Explorer Use After Free vulnerability detailed analysis

http://blog.trendmicro.com/trendlabs-security-intelligence/root-cause-analysis-of-cve-2014-1772-an-internet-explorer-use-after-free-vulnerability/ Translated from TrendLabs. We often see a wide variety of vulnerabilities, from the use-after-free...

0.21735 EPSS
Exploits: 0

seebug.org
added 2014/10/10 12:0 a.m. | 26 views

Epicor Enterprise 7.4 - Multiple Vulnerabilities

No description provided by source. "Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associated CVEs: 1...

5 CVSS | 6.5 AI score | 0.05783 EPSS
Exploits: 7

Packet Storm
added 2014/10/03 12:0 a.m. | 31 views

ZyXEL SBG-3300 Security Gateway Cross Site Scripting

Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7277 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko...

4.3 CVSS | 0.01201 EPSS
Exploits: 3

Exploit DB
added 2014/10/02 12:0 a.m. | 27 views

Epicor Enterprise 7.4 - Multiple Vulnerabilities

"Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associated CVEs: 1 CVE-2014-4311 Password values not mask...

5 CVSS | 6.4 AI score | 0.05783 EPSS
Exploits: 7

Tenable Nessus
added 2014/09/15 12:0 a.m. | 29 views

Cisco Prime Data Center Network Manager 6.x XSS (uncredentialed check)

According to its self-reported version number, the version of Cisco Prime Data Center Network Manager (DCNM) installed on the remote host is affected by a cross-site scripting vulnerability due to insufficient validation of input parameters by its web server component. Using a specially crafted URL...

4.3 CVSS | 5.4 AI score | 0.0217 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2014/09/12 12:0 a.m. | 12 views

Joomla! Spider Calendar Component <= 3.2.6 SQLi Vulnerability - Active Check

Joomla! Spider Calendar Component is prone to an SQL injection (SQLi) vulnerability.

5.6 AI score
Exploits: 0 | References: 2