7647 matches found
Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting
Exploit Title: IP.Board Persistent XSS Vulnerability Date: 29/10/2015 Software Link: https://www.invisionpower.com/buy Software version : 4.1.4.x Exploit Author: Mehdi Alouache Contact: [email protected] Category: webapps 1. Description Any registered user can execute remote...
thehandcraftedcardcompany.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-109968

Description| Value
---|---
Affected Website:| thehandcraftedcardcompany.co.uk
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS...
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting Application: WP-Client Version: 3.8.7 Author: Pier-Luc Maltais from COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== One plugin configures multiple are...
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting
Application: WP-Client Version: 3.8.7 Author: Pier-Luc Maltais from COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== One plugin configures multiple areas of your WordPress installation and allows the site Administrator...
LinkedIn Cross Site Scripting
LinkedIn social network affected by Persistent Cross-Site Scripting vulnerability XSS patched in less than 3 hours ========================= I. VULNERABILITY ------------------------- LinkedIn social network is affected by Persistent Cross-Site Scripting stored XSS vulnerability. II. BACKGROUND...
Adobe Premiere Clip 1.1.1 Filter Bypass
Document Title: =============== Adobe Premiere Clip v1.1.1 iOS - cid:x Filter Bypass & Persistent Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1478 PSIRT ID: 3721 Video: http://www.vulnerability-lab.com/getcontent.php?id=1479...
Adobe Premiere Clip iOS - Bypass & Persistent Vulnerability
Document Title: =============== Adobe Premiere Clip iOS - Bypass & Persistent Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1479 View Video: https://www.youtube.com/watch?v=rGEeW7ypuRE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1478 PSI...
Adobe Premiere Clip v1.1.1 iOS - Persistent Vulnerability
Document Title: =============== Adobe Premiere Clip v1.1.1 iOS - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1478 PSIRT ID: 3721 Video: http://www.vulnerability-lab.com/getcontent.php?id=1479 Bulletin:...
WordPress Users Ultra 1.5.50 Unrestricted File Upload
Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link:...
Ebay Magento Commerce Cross Site Scripting
Document Title: =============== Magento Bug Bounty 22 - Profile Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1636 Magento Security ID: APPSEC-1121 Release Date: ============= 2015-11-06 Vulnerability Laboratory ID VL-ID:...
Arris TG1682G Modem - Persistent Cross-Site Scripting
Arris TG1682G Modem - Persistent Cross-Site Scripting Unauth Stored CSRF/XSS - Xfinity Modem alert1" /...
NXFilter 3.0.3 Cross Site Scripting
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-XSS.txt Vendor: ================================ www.nxfilter.org/p2/ Product: ================================ NXFilter v3.0.3 Vulnerability Type: =========================...
TestLink 1.9.14 Cross Site Scripting
Information ================================= Name: Persistent XSS Vulnerability in TestLink 1.9.14 Affected Software: TestLink Affected Versions: 1.9.14 and possibly below Vendor Homepage: http://testlink.org/ Severity: High Status: Fixed Vulnerability Type: =================================...
CubeCart 6.0.7 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: CubeCart 6.0.7 Fixed in: 6.0.8 Fixed Version Link: https://www.cubecart.com/thank-you/CubeCart-6.0.8.zip Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015...
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-XSS.txt Vendor: ================================ www.nxfilter.org/p2/ Product: ================================...
Magento Bug Bounty #22 - (Profile) Persistent Vulnerability
Document Title: =============== Magento Bug Bounty 22 - Profile Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1636 Magento Security ID: APPSEC-1121 Release Date: ============= 2015-11-06 Vulnerability Laboratory ID VL-ID:...
CVE-2004-0230
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP...
Imgur: Persistent XSS in https://p.imgur.com/albumview.gif and http://p.imgur.com/imageview.gif / post statistics
In p.imgur.com/albumview.gif, a post parameter could be set containing HTML and JavaScript. This was not escaped properly and the code would be executed. The reporter used the following example URLs as a proof of concept https://p.imgur.com/albumview.gif?a=F78FO&r=https://community.imgur.com/aler...