Flowdock API Bug Bounty #3 - Persistent Web Vulnerability

Document Title: =============== Flowdock API Bug Bounty 3 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1574 Vulnerability Magazine:...

UDID 1.0 Script Injection

Document Title: =============== UDID v1.0 iOS - Persistent Mail Encode Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1590 Release Date: ============= 2015-09-22 Vulnerability Laboratory ID VL-ID: ==================================== 1590...

Flowdock API Bug Bounty #1 - Persistent Web Vulnerability

Document Title: =============== Flowdock API Bug Bounty 1 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1560 Vulnerability Magazine:...

Flowdock API Bug Bounty #2 - Persistent Web Vulnerability

Document Title: =============== Flowdock API Bug Bounty 2 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1572 Vulnerability Magazine:...

WiFi Drive + CR v1.0 iOS - Persistent Filename Vulnerability

Document Title: =============== WiFi Drive + CR v1.0 iOS - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1595 Release Date: ============= 2015-09-22 Vulnerability Laboratory ID VL-ID: ==================================...

UDID v1.0 iOS - Persistent Mail Encode Vulnerability

Document Title: =============== UDID v1.0 iOS - Persistent Mail Encode Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1590 Release Date: ============= 2015-09-22 Vulnerability Laboratory ID VL-ID: ==================================== 1590...

Flowdock API Bug Bounty #1 - Persistent Web Vulnerability

Document Title: =============== Flowdock API Bug Bounty 1 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1560 Vulnerability Magazine:...

Blinksale Bug Bounty #3 - Persistent Web Vulnerability

Document Title: =============== Blinksale Bug Bounty 3 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1449 Release Date: ============= 2015-09-20 Vulnerability Laboratory ID VL-ID: ==================================== 1449...

Blinksale Bug Bounty #3 - Persistent Web Vulnerability

Document Title: =============== Blinksale Bug Bounty 3 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1449 Release Date: ============= 2015-09-19 Vulnerability Laboratory ID VL-ID: ==================================== 1449...

CVE-2014-3650

Multiple persistent cross-site scripting XSS flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input...

Anchor CMS 0.9.2 Cross Site Scripting / Open Redirect

Anchor CMS 0.9.2: XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Anchor CMS 0.9.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://anchorcms.com/ Vulnerability Type: XSS and Open Redirect Remote Exploitable: Yes Reported to vendor:...

Attackers Replacing Firmware on Cisco Routers

Cisco routers are built into the fabric of the Internet and enterprise networks, a fact that makes them highly attractive targets for attackers. Researchers at FireEye have come across attacks recently in which hackers have been modifying the firmware of Cisco routers and using that foothold to...

Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities

Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt Vendor: ================================ www.igniterealtime.org/projects/openfire...

Shopify Input Validation

Document Title: =============== Shopify Bug Bounty 8 - FilePath Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-04 Vulnerability Laboratory ID VL-ID: ====================================...

Magento Cross Site Scripting

Document Title: =============== Magento Bug Bounty 19 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1570 ID: APPSEC-1059 Release Date: ============= 2015-09-11 Vulnerability Laboratory ID VL-ID:...

Researchers Outline Bugs in Yahoo, PayPal, Magento

Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences. Hadji Samir, Ebrahim Hegazy,...

Magento Bug Bounty #19 - Persistent Filename Vulnerability

Document Title: =============== Magento Bug Bounty 19 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1570 ID: APPSEC-1059 Release Date: ============= 2015-09-11 Vulnerability Laboratory ID VL-ID:...

BlackHat topics: SMBS not only to share your files-bug warning-the black bar safety net

In this paper, we show a new attack method to crack the Windows SSO Single Sign On feature, affecting all versions of Windows including the latest Windows 10, Microsoft's SMB（Server Message Block Protocol, within the network to attack the SMB technology has appear a long time, this new type of...

tomcat: non-persistent DoS attack by feeding data by aborting an upload

It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made...

Magento Bug Bounty #19 - Persistent Filename Vulnerability

Document Title: =============== Magento Bug Bounty 19 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1570 ID: APPSEC-1059 Release Date: ============= 2015-09-10 Vulnerability Laboratory ID VL-ID:...