UDID v1.0 iOS - Persistent Mail Encode Vulnerability
Document Title: UDID v1.0 iOS - Persistent Mail Encode Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1590 Release Date: 2015-09-22. Vulnerability Laboratory ID (VL-ID): 1590...
WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability
Document Title: WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1595 Release Date: 2015-09-23. Vulnerability Laboratory ID (VL-ID):...
Imgur: Persistent XSS in image title
When adding a title to uploaded images, one can insert XSS into the title which is then executed for anyone viewing the image. PoC contains a harmless XSS: http://imgur.com/bSZwUBG&rAmpN4O How to recreate: 1. Open the Image Options page for an album. 2. Press "Add Title / Description" 3. Enter so...
Realtyna RPL 8.9.2 CSRF / Cross Site Scripting
Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on...
Realtyna RPL Joomla Extension 8.9.2 - Persistent XSS And CSRF Vulnerabilities
Exploit for php platform in category web applications Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities Vendor: Realtyna LLC Product web page: https://www.realtyna.com Affected version: 8.9.2 Summary: Realtyna CRM Client Relationship Management Add-on for RPL is a Real...
HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Overview: Radia Client Automation (previously sold under the name HP Client Automation) agent prior to version 9.1 is vulnerable to arbitrary remote code execution. Description: According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860: "This vulnerability allows remote...
CVE-2015-7863
The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions vi...
CVE-2015-7862
Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors...
CVE-2015-7860
Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling...
Stack overflow
Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling...
CVE-2015-7863
CVE-2015-7863 affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) versions 7.9–9.1 prior to 2015-02-19. The root cause is the default configuration failing to protect the Remote Notify feature with Extended Notify Security, allowing a remote attacker to bypass ac...
CVE-2015-7860
The CVE-2015-7860 issue affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) — specifically the Radia/Client Automation agent prior to version 9.1. The vulnerability is a stack-based buffer overflow in the agent that can be exploited remotely by sending a large am...
CVE-2015-7862
CVE-2015-7862 affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) versions 7.9–9.1 prior to 2015-02-19. The vulnerability stems from improper implementation of Role Based Access Control, allowing a remote attacker to modify an account’s role assignments via unspe...
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is...
RealtyScript 4.0.2 Cross Site Request Forgery / Cross Site Scripting
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or...
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities
Summary: RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...
Persistent Systems Radia Client Automation Agent Command Injection
The Persistent Systems Radia Client Automation (formerly HP Client Automation) agent listening on the remote port is affected by a command execution vulnerability due to a flaw in the radexecd.exe component. An unauthenticated, remote attacker can exploit this to execute arbitrary commands in the...
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or...
Cross-Site Scripting
Overview: Versions 1.6.2 and earlier of serve-index are affected by a cross-site scripting vulnerability. Because file and directory names are not escaped in the module's HTML output, a remote attacker that can influence file or directory names can launch a persistent cross-site scripting attack o...