7647 matches found
CumulusClips 2.4.1 Code Execution / CSRF / Cross Site Scripting
Exploit Title: CumulusClips Session fixation Google Dork: inurl:/cumulusclips/videos/ Date: 2.09.2016 Exploit Author: kor3k / Łukasz Korczyk Vendor Homepage: http://cumulusclips.org/ Software Link: http://cumulusclips.org/cumulusclips.zip Version: 2.4.1 Tested on: Debian Jessie Description:...
CumulusClips 2.4.1 - Multiple Vulnerabilities
Exploit Title: CumulusClips Session fixation Google Dork: inurl:/cumulusclips/videos/ Date: 2.09.2016 Exploit Author: kor3k / Łukasz Korczyk Vendor Homepage: http://cumulusclips.org/ Software Link: http://cumulusclips.org/cumulusclips.zip Version: 2.4.1 Tested on: Debian Jessie Description:...
Windows/x86 - Persistent Reverse Shell TCP (494 Bytes)
/ Title : Windows x86 persistent reverse shell tcp Author : Roziul Hasan Khan Shifat Date : 04-09-2016 Tested on : Windows 7 x86 / / Note : This program must be run as administrator for 1st time . otherwise it won't be persistent / / section .text global start start: xor ecx,ecx mov eax,fs:ecx+0x3...
Windows x86 - Persistent Reverse Shell TCP (494 Bytes)
Windows x86 - Persistent Reverse Shell TCP 494 Bytes. Shellcode exploit for Winx86 platform / Title : Windows x86 persistent reverse shell tcp Author : Roziul Hasan Khan Shifat Date : 04-09-2016 Tested on : Windows 7 x86 / / Note : This program must be run as administrator for 1st time . otherwise...
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting...
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
Exploit for jsp platform in category web applications ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 5.3.12252 Summary: ZKAccess Systems ar...
RSS News AutoPilot Script 1.0.1/3.0.3 - Cross-Site Request Forgery
Exploit Title: RSS News AutoPilot Script 1.0.1 / 3.0.3 - CSRF to Persistent XSS and RCE Through Unrestricted File Upload Date: 30 August 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link: https://codecanyon.net/item/rss-news-autopilot-script/11812898 Version: 1.0.1 to 3.0.3...
Edmodo BB#1 - Persistent Input Validation Vulnerability
Document Title: =============== Edmodo BB1 - Persistent Input Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1921 Release Date: ============= 2016-08-22 Vulnerability Laboratory ID VL-ID: ==================================== 192...
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-049 Product: QNAP QTS Manufacturer: QNAP Affected Versions: 4.2.0 Build 20160311 and Build 20160601 Tested Versions: 4.2.0 Build 20160311 - 4.2.2 Build 20160812 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk...
8 on 1 9: The Shadow-Brokers the leaked file description, technical analysis on-the vulnerability warning-the black bar safety net
! 0x01 exposure data with the equation and NSA relationship From the leaked data packet with the decompressed content to see, specifically for the firewall device attack and penetration action when the use of the tool set. According to the data exposed persons Shadow Brokers described, this packe...
openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)
Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500:...
WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting
Exploit for jsp platform in category web applications + Credits: John Page aka HYP3RLINX Vendor: ============= www.wso2.com Product: ================== Ws02Carbon v4.4.5 WSO2 Carbon is the core platform on which WSO2 middleware products are built. It is based on Java OSGi technology, which allows...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)
This update for java-170-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...
Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist
Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file Author: loneferret from Kioptrix Product: Pi-Hole Version: Web Interface 1.3 Web Interface software: https://github.com/pi-hole/AdminLTE Version: Pi-Hole v2.8.1 Discovery date: July 20th 2016 Vendor Site: https://pi-hole.net...
WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting
Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt + ISR: ApparitionSec Vendor: ============= www.wso2.com Product: ================== Ws02Carbon v4.4.5 WSO2 Carbon is the...
WSO2 Carbon 4.4.5 Cross Site Scripting
Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt + ISR: ApparitionSec Vendor: ============= www.wso2.com Product: ================== Ws02Carbon v4.4.5 WSO2 Carbon is the...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)
This update for java-170-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...
Security update for java-1_8_0-openjdk (important)
This update for java-180-openjdk fixes the following issues: - Upgrade to version jdk8u101 icedtea 3.1.0 - New in release 3.1.0 2016-07-25: Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 -...
Security update for java-1_7_0-openjdk (important)
This update for java-170-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domai...
FortiVoice v5.0 - Filter Bypass & Persistent Vulnerability
Document Title: =============== FortiVoice v5.0 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1842 Fortinet PSIRT ID: 1737213 Bulletin:...