
7647 matches found

Prion
added 2016/12/11 2:59 a.m., 15 views

Design/Logic Flaw

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

4.3 CVSS, 7.1 AI score, 0.01814 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2016/12/11 2:59 a.m., 4 views

UBUNTU-CVE-2016-6622

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

5.9 CVSS, 7 AI score, 0.01814 EPSS
Exploits 0, References 3
Debian CVE
added 2016/12/11 2:0 a.m., 28 views

CVE-2016-6622

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

5.9 CVSS, 7.7 AI score, 0.01814 EPSS
Exploits 0
AlpineLinux
added 2016/12/11 2:0 a.m., 47 views

CVE-2016-6622

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

5.9 CVSS, 7.7 AI score, 0.01814 EPSS
Exploits 0
Hacker One
added 2016/12/06 11:19 p.m., 49 views

Starbucks: Persistent XSS in www.starbucks.com

There is a persistent XSS in https://www.starbucks.com/coffee/espresso/latte-macchiato It is caused by loading scripts from: //starbucksmacchiato-prod.elasticbeanstalk.com/scripts/bn-v1.0.0-Release-min.js Note that starbucksmacchiato-prod.elasticbeanstalk.com is not registered on elastic beanstal...

0.9 AI score
Exploits 0
ThreatPost
added 2016/12/05 1:52 p.m., 17 views

New Large-Scale DDoS Attacks Follow Schedule

A powerful new botnet is being blamed for massive and sustained DDoS attacks that security researchers at CloudFlare compare to Mirai when it comes to intensity and scope. The attacks began Nov. 23 and ran for eight hours daily, similar to an average workday. The consistent attacks occurred for...

7.5 AI score
Exploits 0, References 4
Hacker One
added 2016/12/03 3:44 a.m., 17 views

U.S. Dept Of Defense: XSS vulnerability on an Army website

A U.S. Army website was vulnerable to a cross-site scripting attack which may be used to trick a web user into executing a malicious script, potentially revealing a user's browser cookies or modifying web content. spam404 was able to demonstrate this vulnerability by crafting a specially formatted...

3.5 AI score
Exploits 0
Packet Storm
added 2016/11/28 12:0 a.m., 49 views

Tenda / D-Link / TP-Link DHCP Cross Site Scripting

Document Title: =============== Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1990 Release Date: ============= 2016-11-28 Vulnerability Laboratory ID VL-ID: ====================================...

7.4 AI score
Exploits 0
Vulnerability Lab
added 2016/11/28 12:0 a.m., 36 views

Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability

Document Title: =============== Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1990 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20372...

5.4 CVSS, 5.5 AI score, 0.0059 EPSS
Exploits 4
Vulnerability Lab
added 2016/11/26 12:0 a.m., 45 views

Burden TMA v2.1.1 - (Task) Persistent Web Vulnerability

Document Title: =============== Burden TMA v2.1.1 - Task Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1998 Release Date: ============= 2016-11-26 Vulnerability Laboratory ID VL-ID: ==================================== 199...

7.1 AI score
Exploits 0
exploitpack
added 2016/11/21 12:0 a.m., 24 views

Mezzanine 4.2.0 - Cross-Site Scripting

Mezzanine 4.2.0 - Cross-Site Scripting Security Advisory - Curesec Research Team 1. Introduction Affected Product: Mezzanine 4.2.0 Fixed in: 4.2.1 Fixed Version Link: https://github.com/stephenmcd/mezzanine/releases/tag/4.2.1 Vendor Website: http://mezzanine.jupo.org/ Vulnerability Type: XSS Remo...

6.8 AI score
Exploits 0
Exploit DB
added 2016/11/21 12:0 a.m., 53 views

Mezzanine 4.2.0 - Cross-Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Mezzanine 4.2.0 Fixed in: 4.2.1 Fixed Version Link: https://github.com/stephenmcd/mezzanine/releases/tag/4.2.1 Vendor Website: http://mezzanine.jupo.org/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor:...

7.4 AI score
Exploits 0
Exploit DB
added 2016/11/21 12:0 a.m., 47 views

FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to public:...

7.4 AI score
Exploits 0
exploitpack
added 2016/11/21 12:0 a.m., 36 views

FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery

FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable...

1.2 AI score
Exploits 0
Packet Storm
added 2016/11/20 12:0 a.m., 47 views

WordPress MailChimp 4.0.7 Cross Site Request Forgery / Cross Site Scripting

Exploit Title : WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : https://wordpress.org/plugins/mailchimp-for-wp/ Category: Webapps Tested on: Win Version: 4.0.7 Date: 2016/11/19 PoC: I would like t...

0.1 AI score
Exploits 0
Packet Storm
added 2016/11/20 12:0 a.m., 38 views

WordPress Easy Facebook Like Box 4.3.0 CSRF / XSS

Exploit Title : WordPress Plugin Easy Facebook Like Box 4.3.0- Cross-Site Request Forgery / Persistent Cross-Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : https://wordpress.org/plugins/easy-facebook-likebox/ Category: Webapps Tested on: Win Version: 4.3.0 Date: 2016/11/19 Po...

7.4 AI score
Exploits 0
0day.today
added 2016/11/19 12:0 a.m., 26 views

FUDforum 3.0.6 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

FUDforum version 3.0.6 suffers from cross site request forgery and cross site scripting vulnerabilities. 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable:...

6.9 AI score
Exploits 0
0day.today
added 2016/11/19 12:0 a.m., 67 views

MoinMoin 1.9.8 Cross Site Scripting Vulnerability

MoinMoin version 1.9.8 suffers from cross site scripting vulnerabilities. 1. Introduction Affected Product: MoinMoin 1.9.8 Fixed in: 1.9.9 Fixed Version Link: http://static.moinmo.in/files/moin-1.9.9.tar.gz Vendor Website: https://moinmo.in Vulnerability Type: XSS Remote Exploitable: Yes Reported...

4.3 CVSS, 6.3 AI score, 0.01186 EPSS
Exploits 4
0day.today
added 2016/11/19 12:0 a.m., 26 views

Mezzanine 4.2.0 Cross Site Scripting Vulnerability

Mezzanine version 4.2.0 suffers from persistent cross site scripting vulnerabilities. 1. Introduction Affected Product: Mezzanine 4.2.0 Fixed in: 4.2.1 Fixed Version Link: https://github.com/stephenmcd/mezzanine/releases/tag/4.2.1 Vendor Website: http://mezzanine.jupo.org/ Vulnerability Type: XSS...

6.8 AI score
Exploits 0
Packet Storm
added 2016/11/18 12:0 a.m., 53 views

FUDforum 3.0.6 Cross Site Request Forgery / Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to public:...

0.5 AI score
Exploits 0