Monstra CMS 3.0.3 - Multiple Vulnerabilities

Monstra CMS 3.0.3 - Multiple Vulnerabilities Exploit Title: Monstra CMS 3.0.3 - Privilege Escalation / Remote Password Change Google Dork: intext:"Powered by Monstra"/users/registration Date: 2016-03-28 Exploit Author: Sarim Kiani Vendor Homepage: http://monstra.org Software Link:...

Monstra CMS 3.0.3 - Multiple Vulnerabilities

Exploit Title: Monstra CMS 3.0.3 - Privilege Escalation / Remote Password Change Google Dork: intext:"Powered by Monstra"/users/registration Date: 2016-03-28 Exploit Author: Sarim Kiani Vendor Homepage: http://monstra.org Software Link: http://monstra.org/download Version: 3.0.3 Tested on: Window...

Zomato: Persistent XSS on Reservation / Booking Page

Hi, Its a persistent xss issue on booking or reservation page. I am going to add the video which is demonstrate the bug. Have a nice work! Here is video: https://www.youtube.com/watch?v=NBDBnKorF6o...

TeamPass 2.1.24 - Multiple Vulnerabilities

Exploit for php platform in category web applications Affected Product: TeamPass Vulnerability Type: Multiple XSS,CSRF, SQL injections Fixed in Version: 2.1.25 https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.25.0 Vendor Website: http://www.teampass.net Software Link: :...

TeamPass 2.1.24 - Multiple Vulnerabilities

Affected Product: TeamPass Vulnerability Type: Multiple XSS,CSRF, SQL injections Fixed in Version: 2.1.25 https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.25.0 Vendor Website: http://www.teampass.net Software Link: : https://github.com/nilsteampassnet/TeamPass Affected Version: 2.1.24...

Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability

Document Title: =============== Chamlio LMS v1.10.2 - Profile Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1781 Release Date: ============= 2016-03-13 Vulnerability Laboratory ID VL-ID: ====================================...

Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability

Document Title: =============== Chamlio LMS v1.10.2 - Profile Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1781 Release Date: ============= 2016-03-13 Vulnerability Laboratory ID VL-ID: ====================================...

WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS

Because of this persistent XSS vulnerability, an attacker can change the value of "name="commentmetavalue" " parameter. Solution Upgrade the plugin...

WordPress Advanced Comment 0.10 Plugin - Persistent Cross-Site Scripting

Exploit for php platform in category web applications 1. Introduction Exploit Title: WordPress WP Advanced Comment 0.10 Persistent XSS Date: Mar.09.2016 Exploit Author: Mohammad Khaleghi Contact: https://twitter.com/blackmatrix Vendor: Ravi Shakya Tested On: Apache2.2 / PHP5 / Kali 64 / WordPress...

WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting

WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting 1. Introduction Exploit Title: WordPress WP Advanced Comment 0.10 Persistent XSS Date: Mar.09.2016 Exploit Author: Mohammad Khaleghi Contact: https://twitter.com/blackmatrix Vendor: Ravi Shakya Tested On: Apache2.2 / PHP5...

WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting

Introduction Exploit Title: WordPress WP Advanced Comment 0.10 Persistent XSS Date: Mar.09.2016 Exploit Author: Mohammad Khaleghi Contact: https://twitter.com/blackmatrix Vendor: Ravi Shakya Tested On: Apache2.2 / PHP5 / Kali 64 / WordPress 4.4.1 Category: Webapps Software Link:...

Thomson Router TWG850-4U XSS / CSRF / Unauthenticated Access

System Affected Thomson Router HW Revision 2.0 VENDOR Thomson BOOT Revision 2.1.7i MODEL TWG850-4U Software Version ST9D.01.09 Serial Number 00939902404041 Firmware Name TWG850-4U-9D.01.09-100528-S-001.bin Vulnerabilities 1- Cross-Site Request Forgery 2- Unauthenticated access to resources 3-...

Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage

Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...

Liferay Portal 5.1.2 Cross Site Scripting

Exploit Title: Liferay Portal 5.1.2 - Persistent XSS Discovery Date: 2016-02-10 Exploit Author: Sarim Kiani Vendor Homepage: https://www.liferay.com Software Link: https://www.liferay.com/community/releases Version: 5.1.2 Tested on: Windows OS Liferay Portal 5.1.2 is an open source version of...

WordPress CP Polls 1.0.8 File Upload / Cross Site Scripting

Exploit Title: WordPress CP Polls 1.0.8 - Cross-site file upload & persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI: http://wordpress.dwbooster.com/forms/cp-polls Version: 1.0.8...

WordPress CP Polls 1.0.8 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI: http://wordpress.dwbooster.com/forms/cp-polls Version: 1.0.8...

perfact::mpa Persistent Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-066 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...

WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities

WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI:...

WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities

Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI: http://wordpress.dwbooster.com/forms/cp-polls Version: 1.0.8...

WordPress CP Polls 1.0.8 Plugin - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress CP Polls 1.0.8 - CSRF - Update poll settings & Persistent XSS Date: 2016-02-22 Google Dork: Index of /wp-content/plugins/cp-polls/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Plugin URI:...