WordPress Lead Octopus Power SQL Injection

Exploit Title : Wordpress Lead-Octopus-Power plugin SQL INJECTION Exploit Author : Ashiyane Digital Security Team vendor Home : http://wordpress.org/ Home : www.Ashiyane.org Security Risk : HIgh Dork : inurl:wp-content/plugins/Lead-Octopus-Power/lib/optin/optinpage.php?id= Location :...

WordPress Lead Octopus Power Plugin - SQL Injection

This WordPress Lead Octopus Power plugin's "id" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...

Mavenlink: privilege escalation

Consider Two browsers say X and Y, also consider two users say A and B. 2. Sign in to https://app.mavenlink.com using user A through browser X, same as login with user B through browser Y. 3. Now create a project through user A, and add user B as a consultant with Team Lead privilege. 4. Now...

Wordpress Plugin Effective Lead Management 3.0.0 - Persistent XSS

No description provided by source. Exploit Title: WP Lead Management v3.0.0 Persistent XSS Date: 8/5/12 Exploit Author: Chris Kellum Software Link: http://downloads.wordpress.org/plugin/wp-effective-lead-management.3.0.1.zip Version: 3.0.0 ===================== Vulnerability Details...

Debian Security Advisory DSA 2960-1 (icedove - security update)

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb2960.nasl 6724 2017-07-14...

Bonefire 0.7.1 - Reinstall Admin Account

Bonefire 0.7.1 - Reinstall Admin Account !/usr/bin/env python coding: utf-8 Bonefire v.0.7.1 Reinstall Admin Account Exploit Author : Mehmet INCE Analysis write-up : http://www.mehmetince.net/ci-bonefire-reinstall-admin-account-vulnerability-analysis-exploit/ Description : Forgotten controls lead...

Smartphones, A Perfect Cyber Espionage and Surveillance Weapon

The use of mobile devices in government environments concerns the secret service of any states, cyber espionage more often exploits the mobile platforms. Mobile devices are reason of great concern for governments, they have a great computational capability, huge memories to store our personal dat...

Lead Capture Page System Multiple Vulnerabilties

Exploit for php platform in category web applications Lead Capture Page System Multiple Vulnerabilties ============================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:. Home : http://www.iphobos.com/blog/ .:. Script :...

CVE-2012-6312

Cross-site scripting XSS vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php...

Update on CVE assigned for Video Lead Form Plugin Cross-Site

Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ CVE Assigned - CVE-2012-6312...

Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL

Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ Video Lead Form plugin descripti...

WordPress Video Lead Form 0.5 Cross Site Scripting

Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ Video Lead Form plugin descripti...

WordPress Video Lead Form Plugin - Cross Site Scripting

WordPress Video Lead Form plugin's "errMsg" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can stea...

WordPress Plugin Video Lead Form - 'errMsg' Cross-Site Scripting

source: https://www.securityfocus.com/bid/56737/info The Video Lead Form plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

WordPress Effective Lead Management Plugin 3.0.0 - Persistent XSS

Effective Lead Management plugin is prone to a persistent XSS vulnerability. If the Javascript is included in the name or in the "requirements" field, this vulnerability will fire the admin views the lead management page. Solution Update the plugin...

WordPress Effective Lead Management plugin <= 3.0.0 - Persistent Cross-Site Scripting (XSS) vulnerability

Effective Lead Management plugin is prone to a persistent XSS vulnerability. If the Javascript is included in the name or in the "requirements" field, this vulnerability will fire the admin views the lead management page. Solution Deactivate and delete. This plugin has been closed and is no longe...

WordPress Plugin Effective Lead Management 3.0.0 - Persistent Cross-Site Scripting

Exploit Title: WP Lead Management v3.0.0 Persistent XSS Date: 8/5/12 Exploit Author: Chris Kellum Software Link: http://downloads.wordpress.org/plugin/wp-effective-lead-management.3.0.1.zip Version: 3.0.0 ===================== Vulnerability Details ===================== The form does not properly...

Openconstructor CMS 3.12.0 Reflected XSS

Title: Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scrpting vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 Description: Openconstructo...

Lead Capture Page System 'message' Parameter Cross Site Scripting Vulnerability

Lead Capture Page System is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...