7646 matches found
WordPress Contact Form Generator <= 2.0.1 - Multiple CSRF Vulnerabilities
Exploit for php platform in category web applications Live Demos. It is packed with a Template Creator Wizard to create fantastic forms in a matter of seconds without coding. copy of ´contactformgenerator.php´ file =================== TECHNICAL DETAILS =================== A CSRF issue was found i...
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities Live Demos. It is packed with a Template Creator Wizard to create fantastic forms in a matter of seconds without coding. copy of ´contactformgenerator.php´ file =================== TECHNICAL...
GeniXCMS 0.0.3 - XSS Vulnerabilities
Vulnerability title: Persistent XSS Vendor homepage: genixcms.org Software link: genixcms.org Version: 0.0.3 Tested on: windows 7 Category: web application Vendor: ============================================= genixcms.org Product: ===================================================== GeniXCMS v0.0.3 is a PHP-based management system Advisory information: =================================================== Multiple persistent & reflected...
Shopify Bug Bounty #8 - (FilePath) Cross Site Vulnerability
Document Title: =============== Shopify Bug Bounty 8 - FilePath Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-04 Vulnerability Laboratory ID VL-ID: ====================================...
Shopify Bug Bounty #8 - (FilePath) Cross Site Vulnerability
Document Title: =============== Shopify Bug Bounty 8 - FilePath Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1592 Release Date: ============= 2015-09-03 Vulnerability Laboratory ID VL-ID: ====================================...
Bedita 3.5.1 - XSS Vulnerabilities
No description provided by source. Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications =================== Introduction:...
Serendipity 2.0.1 Cross Site Scripting
Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...
Bedita 3.5.1 - XSS Vulnerabilities
Exploit for php platform in category web applications Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications ===================...
NibbleBlog 4.0.3 Cross Site Request Forgery
NibbleBlog 4.0.3: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://www.nibbleblog.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 07/21/2015...
Bedita 3.5.1 - Cross-Site Scripting
Bedita 3.5.1 - Cross-Site Scripting Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications =================== Introduction:...
Bedita 3.5.1 - Cross-Site Scripting
Title: Bedita 3.5.1 XSS vulnerabilities Application: Bedita Version: 3.5.1 Software Link: http://www.bedita.com/ Date: 2015-03-09 Author: Sébastien Morin Contact: https://twitter.com/SebMorin1 Category: Web Applications =================== Introduction: =================== BEdita is an open source...
[SECURITY] Fedora 22 Update: php-guzzle-Guzzle-3.9.3-5.fc22
Guzzle takes the pain out of sending HTTP requests and the redundancy out of creating web service clients. Guzzle is a framework that includes the tools needed to create a robust web service client, including: Service descriptions for defining the inputs and outputs of an API, resource iterators...
Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting
Invision Power Board IP.Board 4.x - Persistent Cross-Site Scripting Exploit Title: IP.Board 4.X Stored XSS Date: 27-08-2015 Software Link: https://www.invisionpower.com/ Exploit Author: snop. Contact: http://twitter.com/rabbitzorg Website: http://rabbitz.org Category: webapps 1. Description A...
Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting
Exploit Title: IP.Board 4.X Stored XSS Date: 27-08-2015 Software Link: https://www.invisionpower.com/ Exploit Author: snop. Contact: http://twitter.com/rabbitzorg Website: http://rabbitz.org Category: webapps 1. Description A registered or non-registered user can create a calendar event including...
Page2Flip 2.5 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-028 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Cross-Site Scripting...
UBNT Bug Bounty #3 - Persistent Filename Vulnerability
Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1467 Video: http://www.vulnerability-lab.com/getcontent.php?id=1468 Release Date: ============= 2015-08-11 Vulnerability...
Hawkeye-G v3.0.1 Persistent XSS & Information Leakage
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0725.txt Vendor: ================================ www.hexiscyber.com Product: ================================ Hawkeye-G v3.0.1.4912 Hawkeye G is an active defense...
CSRF and XSS vulnerabilities in D-Link DCS-2103
Hello 3APA3A! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. Version 1.20 and previous versions also...
UBNT Script Insertion
Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1467 Video: http://www.vulnerability-lab.com/getcontent.php?id=1468 Release Date: ============= 2015-08-11 Vulnerability...
WordPress MDC Private Message Plugin 1.0.0 - Persistent XSS
An attacker can execute XSS issues against an administrator, because "message" field does not sanitize input. Solution Upgrade the plugin...