5006 matches found

Packet Storm
added 2013/05/07 12:0 a.m., 77 views

Cisco Linksys E4200 Cross Site Scripting / Local File Inclusion

XSS, LFI in Cisco, Linksys E4200 Firmware. URL: http://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.html...

0.2 AI score, 0.71301 EPSS
Exploits: 12

myhack58
added 2013/03/26 12:0 a.m., 167 views

MongoDB server-side JavaScript injection-vulnerability warning-the black bar safety net

Security researcher agixid found a security vulnerability in MongoDB version 2.2.3 and indicated that a Metasploit exploit payload is being developed. The vulnerability stems mainly from MongoDB's incorrect use of the SpiderMonkey JavaScript NativeHelper function; as a result, it can be injected into the...

1 AI score
Exploits: 0

Packet Storm
added 2013/03/07 12:0 a.m., 25 views

Qool CMS 2.0 RC2 Cross Site Scripting

Qool CMS v2.0 RC2 Multiple HTML And JavaScript Injection Vulnerabilities input type="hidden" name="lib" value="default"...

Exploits: 0

Exploit DB
added 2013/03/07 12:0 a.m., 30 views

Qool CMS 2.0 RC2 - Multiple Vulnerabilities

Qool CMS v2.0 RC2 XSRF Add Root Exploit input...

7.4 AI score
Exploits: 0

0day.today
added 2013/02/21 12:0 a.m., 16 views

Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability

Exploit for Windows platform in category web applications. VULNERABILITY DESCRIPTION: Alt-N MDaemon is prone to an HTML/JavaScript injection vulnerability because it fails to sanitize user-supplied input. Attacker-supplied HTML and/or JavaScript code could run in the...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2012/11/28 12:0 a.m., 64 views

FreeBSD : YUI JavaScript library -- JavaScript injection exploits in Flash components (aa4f86af-3172-11e2-ad21-20cf30e32f6d)

The YUI team reports: Vulnerability in YUI 2.4.0 through YUI 2.9.0. An XSS vulnerability has been discovered in some YUI 2 .swf files from versions 2.4.0 through 2.9.0. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. If your site...

4.3 CVSS, 7.8 AI score, 0.00297 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2012/11/20 12:0 a.m., 55 views

Bugzilla < 3.6.12 / 4.0.9 / 4.2.4 / 4.4rc1 Multiple Vulnerabilities

According to its banner, the version of Bugzilla installed on the remote host is affected by multiple vulnerabilities: - Due to incorrectly filtered field values in tabular reports, code can be injected, which could allow cross-site scripting (XSS). Note that this affects versions 4.1.1 to 4.2.3 a...

5 CVSS, 7.9 AI score, 0.0063 EPSS
Exploits: 5, References: 6

Exploit DB
added 2012/10/22 12:0 a.m., 59 views

Movable Type Pro 5.13en - Persistent Cross-Site Scripting

Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure. Introduction: Movable Type MT started as on...

4.3 CVSS, 6.6 AI score, 0.0686 EPSS
Exploits: 6

exploitpack
added 2012/10/22 12:0 a.m., 39 views

Movable Type Pro 5.13en - Persistent Cross-Site Scripting

Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive,...

4.3 CVSS, 6.2 AI score, 0.0686 EPSS
Exploits: 6

0day.today
added 2012/10/21 12:0 a.m., 43 views

Movable Type Pro 5.13en Cross Site Scripting

Our researchers discovered a persistent XSS vulnerability, allowing an attacker to inject arbitrary script code into the comment section of any existing Mt5.13en installation. Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Ty...

6.6 AI score, 0.0686 EPSS
Exploits: 6

securityvulns
added 2012/10/01 12:0 a.m., 63 views

Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability

Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability. Summary: Microcart 1.0 is subject to several cross-site scripting vulnerabilities...

4.3 CVSS, 6.1 AI score, 0.00496 EPSS
Exploits: 4

0day.today
added 2012/09/20 12:0 a.m., 37 views

Microcart 1.0 Checkout Cross Site Scripting

Exploit for PHP platform in category web applications. Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability. Summary: Microcart 1.0 is...

7.1 AI score, 0.00496 EPSS
Exploits: 4

Packet Storm
added 2012/09/20 12:0 a.m., 58 views

WordPress MF Gig Calendar 0.9.2 Cross Site Scripting

MF Gig Calendar WordPress Plugin - Cross-Site Scripting. Summary: MF Gig Calendar 0.9.2 is subject to a cross-site scripting vulnerability. The value of a generic...

4.3 CVSS, 0.3 AI score, 0.06071 EPSS
Exploits: 3

ThreatPost
added 2012/09/13 4:45 a.m., 22 views

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions

The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...

1.1 AI score
Exploits: 0, References: 4

Packet Storm
added 2012/06/21 12:0 a.m., 20 views

Anantasoft Gazelle CMS 1.0 Cross Site Scripting

... has ranked 2nd in the CMS Awards Popular Awards in the category SEO 2008. Anantasoft Gazelle CMS 1.0 is vulnerable to stored XSS due to improper...

0.2 AI score
Exploits: 0

Packet Storm
added 2012/06/08 12:0 a.m., 30 views

Netto.se Open Redirection

Background: Netto is a supermarket chain based in Denmark with stores in Denmark, Poland, Germany and Sweden. The following vulnerability affects the Swedish branch site although similar ones may affect others. Vulnerability: The vulnerability is present on the netto.s...

7.4 AI score
Exploits: 0

seebug.org
added 2012/02/26 12:0 a.m., 24 views

Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilities

No description provided by source. Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilities TIME-BASED PHP V8JS INJECTION & NOSQL/SSJS INJECTION Detecting server-side JavaScript SSJS injection vulnerabilities using time-based techniques. Article by Feli...

7.1 AI score
Exploits: 0

Packet Storm
added 2012/02/02 12:0 a.m., 20 views

SmartyCMS 0.9.4 Cross Site Scripting

TITLE: SmartyCMS 0.9.4 Template module Persistent XSS vendor: SmartyCMS Author: r007k17-w Email: [email protected] My blog: http://shadowrootkit.wordpress.com/ Google Dork: Copyright 2007 by SmartyCMS 0.9.4 built 334...

Exploits: 0

ThreatPost
added 2012/01/25 12:57 p.m., 8 views

Multiple Bugs Haunt WordPress Setup

Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a sma...

1 AI score
Exploits: 0, References: 2

ThreatPost
added 2011/11/17 4:51 p.m., 8 views

Facebook User Error Behind Porn, Mutilation Spam

A campaign of explicit spam on Facebook this week has been linked to a relatively obscure exploit method known as self-inflicted JavaScript injection and not malicious code running on Facebook’s massive network, an independent analysis has shown. The campaign, in which violent and pornographic...

0.2 AI score
Exploits: 0, References: 4