openssl: BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...
Barracuda ADC 5.x - Multiple Persistent Vulnerabilities
Document Title: Barracuda ADC 5.x - Multiple Persistent Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1424
Release Date: 2018-07-12
Vulnerability Laboratory ID (VL-ID): 14...
Instagram-Clone Script 2.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications
Exploit Title: Instagram-clone Script 2.0 - Cross-Site Scripting
Exploit Author: L0RD
Vendor Homepage: https://github.com/yTakkar/Instagram-clone
Version: 2.0
CVE: CVE-2018-13849
Tested on: Kali linux
POC : Persistent Cross site scripting :...
Instagram-Clone Script 2.0 - Cross-Site Scripting
Exploit Title: Instagram-clone Script 2.0 - Cross-Site Scripting
Date: 2018-07-10
Exploit Author: L0RD
Vendor Homepage: https://github.com/yTakkar/Instagram-clone
Version: 2.0
CVE: CVE-2018-13849
Tested on: Kali linux
POC : Persistent Cross site...
Barracuda ADC 5.x - Multiple Persistent Vulnerabilities
Document Title: Barracuda ADC 5.x - Multiple Persistent Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1424
Release Date: 2018-07-11
Vulnerability Laboratory ID (VL-ID): 14...
de.sydney.com XSS vulnerability
Open Bug Bounty ID: OBB-644403

Description | Value
---|---
Affected Website: | de.sydney.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
PayPal (Notify) - Filter Bypass & Persistent Vulnerability
Document Title: PayPal Notify - Filter Bypass & Persistent Vulnerability
References: http://www.vulnerability-lab.com/getcontent.php?id=1425
Video: https://www.youtube.com/watch?v=J2upim5MrV0
Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1640
Release Dat...
FreeBSD : mybb -- vulnerabilities (bfd5d004-81d4-11e8-a29a-00e04c1ea73d)
mybb Team reports: High risk: Image and URL MyCode Persistent XSS Medium risk: Multipage Reflected XSS Low risk: ACP logs XSS Low risk: Arbitrary file deletion via ACP's Settings Low risk: Login CSRF Low risk: Non-video content embedding via Video MyCode (C) Tenable Network Security, Inc. The...
Debian: Security Advisory (DLA-1396-1)
The remote host is missing an update for the Debian...
Barracuda ADC 5.x - Filter Bypass & Persistent Vulnerability
Document Title: Barracuda ADC 5.x - Filter Bypass & Persistent Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1423
Release Date: 2018-07-08
Vulnerability Laboratory ID (VL-ID): ...
Cross-site Request Forgery (CSRF)
gleez/cms is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability exists in the /page/add request where a persistent cross-site scripting (XSS) attack can lead to a CSRF attack...
AT&T Bizcircle - Persistent Profile Cross Site Vulnerability
Document Title: AT&T Bizcircle - Persistent Profile Cross Site Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2108
AT&T Reference ID: 1502971499862
Vulnerability Magazine:...
Salesforce Careermount - Bypass & Persistent Vulnerability
Document Title: Salesforce Careermount - Bypass & Persistent Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=1969
Release Date: 2018-07-05
Vulnerability Laboratory ID (VL-ID): ...
mybb -- vulnerabilities
mybb Team reports: High risk: Image and URL MyCode Persistent XSS Medium risk: Multipage Reflected XSS Low risk: ACP logs XSS Low risk: Arbitrary file deletion via ACP’s Settings Low risk: Login CSRF Low risk: Non-video content embedding via Video MyCode...
Salesforce Careermount - Bypass & XSS Web Vulnerability
Document Title: Salesforce Careermount - Bypass & XSS Web Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=1969
Release Date: 2018-07-04
Vulnerability Laboratory ID (VL-ID): ...
LinkedIn: Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com
This report was previously published on Medium.com/@JonathanBouman. Follow me on Twitter or Medium for new reports. F361972 Proof of concept Background In my previous report we learned more about a special type of the persistent XSS attack; the unvalidated oEmbed attack. This attack allows us to...
Design/Logic Flaw
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability...
CVE-2018-13000
An XSS issue was discovered in Advanced Electron Forum AEF v1.0.9. A persistent XSS vulnerability is located in the FTP Link element of the Private Message module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to injec...