7646 matches found
WordPress Events Made Easy 1.5.49 CSRF / XSS
Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/ Events Made Easy is a full-featured event management solution fo...
Apache Solr < 4.10.5 'plugin.js' XSS
Wordpress DukaPress Plugin - Persistent XSS Vulnerability
Exploit for php platform in category web applications Title Exploit : Wordpress Plugin DukaPress - Persistent XSS Vulnerability Date : 21/09/2015 Author : ZwX Software Vendor : http://dukapress.org/ Software Link: https://wordpress.org/plugins/dukapress/ Version: 2.5.9 Levels Risk : Low Tested on...
Zope Management Interface 4.3.7 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application server for building secure and highly scalable web applications. Plone...
Zope Management Interface 4.3.7 - CSRF Vulnerabilities
Exploit for php platform in category web applications Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application server for building secure and highly scalable web applications. Plone is a Content Management System built on top of the open source...
Joomla Komento Cross Site Scripting Vulnerability
Joomla Komento versions prior to 2.0.5 suffer from a persistent cross site scripting vulnerability. Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento I found out that it was possible to launch a...
Joomla Komento Cross Site Scripting
CVE Reference: CVE-2015-7324 Original advisory: https://www.davidsopas.com/komento-joomla-component-persistent-xss/ Author: David Sopas @dsopas Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento ...
Persistent Systems Radia Client Automation Agent Stack Overflow Remote Code Execution (destructive check)
The Persistent Systems Radia Client Automation (formerly HP Client Automation) agent listening on the remote port is affected by a remote code execution vulnerability due to a stack overflow condition in the radexecd service. An unauthenticated, remote attacker can exploit this to execute arbitrary...
Prevent Activity feed information leakage by allowing permanently disabling of it
It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances, internal and external, which are connected one to another. Having them connected is clearly a business requirement for being able to cross link issues and to copy them...
Prevent Activity feed information leakage by allowing permanently disabling of it
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-45601. It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances,...
Flowdock API Script Insertion
Document Title: =============== Flowdock API Bug Bounty 3 - Invite Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1574 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID:...
Centreon 2.6.1 - Multiple Vulnerabilities
Centreon 2.6.1 - Multiple Vulnerabilities Centreon 2.6.1 Command Injection Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for...
Flowdock API Bug Bounty #4 - Persistent RSS Vulnerability
Document Title: =============== Flowdock API Bug Bounty 4 - Persistent RSS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1575 Vulnerability Magazine:...
FortiManager 5.2.2 - Persistent XSS Vulnerabilities
Exploit for cgi platform in category web applications Vendor: ================================ www.fortinet.com Product: ================================ FortiManager v5.2.2 FortiManager is a centralized security management appliance that allows you to centrally manage any number of Fortinet...
Persistent Systems Radia Client Automation Agent Command Injection
The Persistent Systems Radia Client Automation (formerly HP Client Automation) agent listening on the remote port is affected by a command execution vulnerability due to a flaw in the radexecd.exe component. An unauthenticated, remote attacker can exploit this to execute arbitrary commands with...
WiFi Drive CR 1.0 Script Insertion
Document Title: =============== WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1595 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID:...
Flowdock API Bug Bounty #3 - Persistent Web Vulnerability
Document Title: =============== Flowdock API Bug Bounty 3 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1574 Vulnerability Magazine:...
Flowdock API Script Insertion
Document Title: =============== Flowdock API Bug Bounty 2 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1572 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID: ====================================...
Flowdock API Bug Bounty #2 - Persistent Web Vulnerability
Document Title: =============== Flowdock API Bug Bounty 2 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1572 Vulnerability Magazine:...
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
Document Title: =============== NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1608 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID: ====================================...