Lucene search

5006 matches found

0day.today
added 2014/06/14 12:0 a.m. | 26 views

SHOUTcast DNAS 2.2.1 - Stored XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history other version may be also affected Date: 2014-06-11 Exploit Author: robercik101 Vendor Homepage: http://www.shoutcast.com/ ?t=373139 Software Link:...

AI score: 7.1
Exploits: 0

The Hacker News
added 2014/04/22 9:55 p.m. | 17 views

ORACLE Subdomain Page Defaced by Indian Hacker

A group of Indian Hackers dubbed as I-HOS TEAM has successfully defaced a page on the sub domain of Oracle Corporation, biggest provider of enterprise software, computer hardware and Services. The users visiting the domain are being greeted with a custom webpage with black background and the them...

AI score: 6.6
Exploits: 0

The Hacker News
added 2014/04/20 2:25 a.m. | 14 views

Feedly Android App Javascript Injection vulnerability exposes Millions of Users to Hackers

When it comes to Android apps, even the simplest app could greatly compromise your privacy and security. Injecting malicious JavaScript into Android applications has drawn an increased attention from the hacking community as its market share spikes. According to security researcher Jeremy S. from...

AI score: 7
Exploits: 0

Check Point Advisories
added 2014/03/31 12:0 a.m. | 2 views

Firefox Plugin Finder Javascript Injection - Ver2 (CVE-2005-0752)

A code execution vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.03515
Exploits: 0

Packet Storm
added 2014/02/22 12:0 a.m. | 66 views

Telligent Evolution 7.5.0.32466 Cross Site Scripting

Vulnerability title: Cross-site Scripting in Telligent Evolution CVE: CVE-2014-1223 Vendor: Telligent Product: Evolution Affected version: 7.5.0.32466 Fixed version: 7.6.7.36651 Reported by: Jerzy Kramarz Details: It is possible for an attacker to inject JavaScript by manipulating the 'msg'...

CVSS: 4.3 | AI score: 0.1 | EPSS: 0.00362
Exploits: 3

seebug.org
added 2014/02/19 12:0 a.m. | 11 views

jsict /MockLogin.aspx Backdoor Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

n0where
added 2014/02/08 1:10 p.m. | 30 views

Automated NoSQL Database Injection Attacks: NoSQLMap

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...

AI score: 0.3
Exploits: 0 | References: 1

OSV
added 2014/02/08 12:55 a.m. | 0 views

DEBIAN-CVE-2014-1869

Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00599
Exploits: 0 | References: 1

Positive Technologies
added 2013/12/26 12:0 a.m. | 3 views

PT-2014-90: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the account.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How ...

CVSS: 4.3 | AI score: 6.3
Exploits: 0 | References: 3

Tenable Nessus
added 2013/12/14 12:0 a.m. | 30 views

Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)

Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01288
Exploits: 0 | References: 10

OSV
added 2013/12/12 10:21 p.m. | 5 views

MGASA-2013-0368 Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01288
Exploits: 0 | References: 4

Mageia
added 2013/12/12 10:21 p.m. | 36 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.01288
Exploits: 0 | References: 3

Packet Storm
added 2013/12/02 12:0 a.m. | 19 views

Helpdesk Pilot Cross Site Request Forgery / Cross Site Scripting

Ciaran McNally Application: Helpdesk Pilot http://www.helpdeskpilot.com/ Versions: All versions. Platforms: Windows, Mac, Linux Bug: XSS/CSRF Add Administrator Exploitation: WEB Date: 30 November 2013. Author: Ciaran McNally Web: http://makthepla.net/blog/=/helpdesk-pilot-add-admin My Twitter:...

AI score: 0.2
Exploits: 0

Tenable Nessus
added 2013/12/02 12:0 a.m. | 26 views

Fedora 19 : mediawiki-1.21.3-1.fc19 (2013-21856)

Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01288
Exploits: 0 | References: 12

Tenable Nessus
added 2013/12/02 12:0 a.m. | 32 views

Fedora 18 : mediawiki-1.19.9-1.fc18 (2013-21874)

Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. - Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01288
Exploits: 0 | References: 12

0day.today
added 2013/10/11 12:0 a.m. | 64 views

Claroline 1.11.8 Cross Site Scripting Vulnerability

Malicious users can inject JavaScript and HTML, and an attacker can steal the session cookie and take over the account. Exploit Title: Claroline 1.11.8 Cross Site Scripting Date: 2013 11 October Author: Arsan Software Homepage: http://www.claroline.net Version : 1.11.8 Security Risk: High Tested on:...

AI score: 7
Exploits: 0

exploitpack
added 2013/09/09 12:0 a.m. | 24 views

Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities

Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities Ciaran McNally Application: Moodle http://download.moodle.org/ Versions: parameter in an rss feed is vulnerable to javascript injection. This blog post is viewable by everyone on moodle and you can link to it directly. Upon clicking the "Link to origin...

AI score: 0.2
Exploits: 0

Packet Storm
added 2013/09/09 12:0 a.m. | 29 views

Moodle 2.3.9 / 2.4.9 Javascript Insertion

Ciaran McNally Application: Moodle http://download.moodle.org/ Versions: parameter in an rss feed is vulnerable to javascript injection. This blog post is viewable by everyone on moodle and you can link to it directly. Upon clicking the "Link to original blog entry" link, you get javascript...

AI score: 7.4
Exploits: 0

Zero Day Initiative
added 2013/08/13 12:0 a.m. | 19 views

Hewlett-Packard Application Lifecycle Management Quality Center Multiple Cross-Site Scripting Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of HP Application Lifecycle Management Quality Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...

CVSS: 5 | AI score: 0.9 | EPSS: 0.00785
Exploits: 0 | References: 1

0day.today
added 2013/05/07 12:0 a.m. | 53 views

Cisco Linksys E4200 Firmware - XSS/LFI Vulnerabilities

Exploit for hardware platform in category web applications. XSS, LFI in Cisco, Linksys E4200 Firmware. URL: http://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.html...

AI score: 7.1 | EPSS: 0.71301
Exploits: 12