7647 matches found
Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting
Exploit for php platform in category web applications CVE-2016-3670 Stored Cross Site Scripting in Liferay CE 1. Vulnerability Properties Title: Stored Cross-Site Scripting Liferay CE CVE ID: CVE-2016-3670 CVSSv3 Base Score: 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Vendor: Liferay Inc Products:...
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
Exploit for php platform in category web applications + Credits: hyp3rlinx + ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/ Product: ======================= AjaxExplorer v1.10.3.2 Manage server files through simple windows...
AjaxExplorer 1.10.3.2 CSRF / XSS / Command Execution
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt + ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/ Product:...
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt + ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/ Product:...
CVE-2016-4317: XSS on viewmyprofile.action page
The viewmyprofile.action resource was vulnerable to persistent XSS...
Bugcrowd Persistent Script Injection / Filter Bypass
Document Title: =============== Bugcrowd Bug Bounty 7 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1830 ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b Release Date: ============= 2016-05-10...
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability
Document Title: =============== Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1852 Release Date: ============= 2016-05-24 Vulnerability Laboratory ID VL-ID: ==================================== 18...
AVAST (Business) #17 - Persistent Web Vulnerability
Document Title: =============== AVAST Business 17 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1634 Release Date: ============= 2016-05-23 Vulnerability Laboratory ID VL-ID: ==================================== 1634 Comm...
Ubiquiti airOS Arbitrary File Upload
This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "m...
Peplink InControl 2 CDM - (API) Persistent Vulnerability
Document Title: =============== Peplink InControl 2 CDM - API Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1841 Release Date: ============= 2016-05-18 Vulnerability Laboratory ID VL-ID: ==================================== 184...
ntp: slow memory leak in CRYPTO_ASSOC
A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory...
WordPress Event Registration 6.02.02 XSS / SQL Injection
Exploit Title: WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS Discovery Date: 2016/03/13 Public Disclosure Date: 2016/05/09 Exploit Author: Michael Helwig Contact: https://twitter.com/c0dmtr1x | https://codemetrix.net Vendor Homepage: http://wpeventregister.com/...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.7 update (Moderate) (RHSA-2016:0597)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0597 advisory. - tomcat: non-persistent DoS attack by feeding data by aborting an upload CVE-2014-0230 - EAP: HTTPS NIO connector uses no timeout when...
Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability
Document Title: =============== Bugcrowd Bug Bounty 7 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1830 ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b Release Date: ============= 2016-05-09...
Secure Item Hub Persistent Input Validation Vulnerability
The Secure Item Hub app is able to transfer files between an iPhone or iPad and a computer on the same Wi-Fi network. A persistent input validation vulnerability exists in Secure Item Hub, which could allow a remote attacker to inject malicious persistent script code on the application side of the mobile a...
Ebay Magento Bug Bounty #2 Persistent Email Encryption web vulnerability
Magento is an open source e-commerce web application. Ebay Magento Bug Bounty 2: a persistent email encryption web vulnerability exists that allows remote attackers to bypass the filter authentication of the Magento web server...
ZyXel WAP3205 Cross-Site Scripting Vulnerability
ZyXEL WAP3205 is a wireless broadband router from ZyXEL Technology. The ZyXel WAP3205 suffers from a cross-site scripting vulnerability that could allow an authenticated attacker to insert persistent malicious script into a page...
File Hub Input Validation Vulnerability
File Hub provides easy access to files on iOS Devices, Cloud Services and remote computers. An input validation vulnerability exists in File Hub. An attacker can inject malicious persistent code into the mobile application...