WordPress Appointment Booking Calendar 1.1.24 Escalation / XSS

Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab Software Link:...

eBay Magento Persistent Mail Encoding

Document Title: =============== Ebay Magento Bug Bounty 2 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1203 eBay Inc. Bug Bounty Program ID: EIBBP-26644 Release Date: ============= 2016-01-18 Vulnerability Laboratory ID...

Trend Micro Direct Pass - Bypass & Persistent Vulnerability

Document Title: =============== Trend Micro Direct Pass - Bypass & Persistent Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1688 Video: https://www.youtube.com/watch?v=vXCdjK6O-Pc Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1661 Release...

Trend Micro Direct Pass - Bypass & Persistent Vulnerability

Document Title: =============== Trend Micro Direct Pass - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1661 Video: http://www.vulnerability-lab.com/getcontent.php?id=1688 Vulnerability Magazine:...

Trend Micro Direct Pass - Bypass & Persistent Vulnerability

Document Title: =============== Trend Micro Direct Pass - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1661 Video: http://www.vulnerability-lab.com/getcontent.php?id=1688 Vulnerability Magazine:...

Trend Micro Direct Pass - Bypass & Persistent Vulnerability

Document Title: =============== Trend Micro Direct Pass - Bypass & Persistent Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1688 Video: https://www.youtube.com/watch?v=vXCdjK6O-Pc Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1661 Release...

WordPress Booking Calendar Contact Form Plugin 1.1.24 - Multiple Vulnerabilities

This plugin is prone to persistent XSS vulnerabilities that appear in the administration page. Solution Upgrade the plugin...

WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities

WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of...

WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities

Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab Software Link:...

withinsecurity: Error Page Text Injection #106350

Hello Team , Description : This report is similar to 106350 , as we can see in report an user or attacker is able to inject his text into error page and can trap to user to visit other site by adding following link...

Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting

Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current version. Vulnerability Type: ===================...

Advanced Electron Forum 1.0.9 Cross Site Scripting

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-XSS.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current...

Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting

Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-XSS.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================...

Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability

Document Title: =============== Ebay Magento Bug Bounty 2 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1203 eBay Inc. Bug Bounty Program ID: EIBBP-26644 Release Date: ============= 2016-01-18 Vulnerability Laboratory ID...

Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability

Document Title: =============== Ebay Magento Bug Bounty 2 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1203 eBay Inc. Bug Bounty Program ID: EIBBP-26644 Release Date: ============= 2016-01-18 Vulnerability Laboratory ID...

Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AEF-XSS.txt Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current...

iptables-persistent '/etc/iptables' local information disclosure vulnerability

iptables-persistent is an init.d script used to make iptables rules restart continuously. A security vulnerability exists in iptables-persistent, which allows local attackers to exploit the vulnerability to obtain sensitive information...

SlemBunk Part II: Prolonged Attack Chain and Better-Organized Campaign

Introduction Our follow-up investigation of a nasty Android banking malware we identified at the tail end of last year has not only revealed that the trojan is more persistent than we initially realized – thus making for a much more dangerous threat – but that it is also being used as part of an...

Simple PHP Polling System - Multiple Vulnerabilities

Exploit Title : Multiple Vulnerabilities in Simple PHP Polling System. Author : WICS Date : 05-Jan-2016 Software Link : http://sourceforge.net/projects/pollingsystem/ Overview : Simple PHP Polling System helps organizations to make polls of different types of positions with a number of candidates...

PhpSocial 2.0.0304_20222226 Cross Site Scripting / Open Redirect

Security Advisory - Curesec Research Team 1. Introduction Affected Product: PhpSocial v2.0.030420222226 Fixed in: not fixed Fixed Version Link: n/a Vendor Webite: http://phpsocial.net Vulnerability Type: XSS / Open Redirect Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to publi...