Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation Vulnerabilities
Revive Adserver versions 4.0.0 and below suffer from cross site scripting, session fixation, and deserialization of untrusted data vulnerabilities. Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation Applications affected: Revive Adserver Versions affected: = 4.0.1 Website:...
How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature
Recently Apple released a new feature for iPhone and iPad users, but it was so buggy that the company had no option other than rolling back the feature completely. In November, Apple introduced a new App Store feature, dubbed the "Notify" button — a bright orange button that users can click if they...
Persistent Cross-site Scripting (XSS)
Ghost is vulnerable to persistent cross-site scripting (XSS). This is because it fails to sanitize user data, thus making it possible for an attacker to supply crafted input in order to harm third party users...
Harvest: Persistent XSS on ForecastApp
When adding a new Person, by inserting this in First or Last Name, I've got a persistent XSS: The key for this is that the person with the XSS string must appear in one or more dropdown menus. In other words, the Person must be available to be assigned to at least one project. I can also trigger...
Ghost Blog 0.11.3 Cross Site Scripting Vulnerability
Tempest Security Intelligence Advisory ADV-9/2017 - Ghost Blog version 0.11.3 suffers from a persistent cross site scripting vulnerability. Persistent Cross-Site Scripting XSS in Ghost ------------------------------------------------------- Author: - Patrick Costa Tempest Security Intelligence -...
Cisco Webex Meeting - Open Redirect Web Vulnerability
Document Title: =============== Cisco Webex Meeting - Open Redirect Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1950 PSIRT ID: 1079904098 Bulletin:...
Courier Management System - SQL Injection
Courier Management System - SQL Injection Title : Courier Management System - Sql Injection and non-persistent XSS login portal Date: 17 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: http://couriermanageme.sourceforge.net/ Version: not supplied...
Apple iOS (Notify iTunes) - Bypass & Persistent Vulnerability
Document Title: =============== Apple iOS Notify iTunes - Bypass & Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2024 Followup ID: 654962036 Vulnerability Magazine:...
Apple iTunes Notify Script Insertion
Document Title: =============== Apple iTunes Notify - Bypass & Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2024 Followup ID: 654962036 Vulnerability Magazine:...
Business Networking Script 8.11 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title : ----------- : Business Networking Script v8.11- SQLi & Persistent Cross Site Scripting Author : ----------------- : Ahmet Gurel Google Dork : --------- : - Date : -------------------- : 16/01/2017 Type : -------------------- :...
Salesforce (Event Registration) Script Insertion
Document Title: =============== Salesforce Event Registration - Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1991 Release Date: ============= 2017-01-11 Vulnerability Laboratory ID VL-ID: ====================================...
Business Networking Script 8.11 Cross Site Scripting / SQL Injection
Exploit Title : ----------- : Business Networking Script v8.11- SQLi & Persistent Cross Site Scripting Author : ----------------- : Ahmet Gurel Google Dork : --------- : - Date : -------------------- : 16/01/2017 Type : -------------------- : webapps Platform : --------------- : PHP Vendor Homepa...
Cobi Tools 1.0.8 Script Insertion
Document Title: =============== Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2028 Release Date: ============= 2017-01-10 Vulnerability Laboratory ID VL-ID: ==================================== 2028...
Blackboard LMS 9.1 SP14 Cross Site Scripting
Document Title: =============== BlackBoard LMS 9.1 SP14 - Title Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1901 Release Date: ============= 2017-01-10 Vulnerability Laboratory ID VL-ID: ====================================...
Blackboard LMS 9.1 SP14 Cross Site Scripting
Document Title: =============== Blackboard LMS 9.1 SP14 - Profile Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1900 Release Date: ============= 2017-01-09 Vulnerability Laboratory ID VL-ID: ====================================...
Salesforce (Event Registration) - Persistent Vulnerability
Document Title: =============== Salesforce Event Registration - Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1991 Release Date: ============= 2017-01-11 Vulnerability Laboratory ID VL-ID: ====================================...
Blackboard LMS 9.1 SP14 - Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Document Title: =============== Blackboard LMS 9.1 SP14 - Profile Persistent Vulnerability Product & Service Introduction: =============================== Blackboard Learn previously the Blackboard Learning Management System, is a virtual...
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability
Document Title: =============== Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2028 Release Date: ============= 2017-01-10 Vulnerability Laboratory ID VL-ID: ==================================== 2028...