WordPress MDC Private Message Plugin 1.0.0 - Persistent XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress MDC Private Message Persistent XSS Date: 8/20/15 Exploit Author: Chris Kellum Vendor Homepage: http://medhabi.com/ https://wordpress.org/plugins/mdc-private-message/ Version: 1.0.0 ===================== Vulnerability...

WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting

WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting Exploit Title: WordPress MDC Private Message Persistent XSS Date: 8/20/15 Exploit Author: Chris Kellum Vendor Homepage: http://medhabi.com/ https://wordpress.org/plugins/mdc-private-message/ Version: 1.0.0...

WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting

Exploit Title: WordPress MDC Private Message Persistent XSS Date: 8/20/15 Exploit Author: Chris Kellum Vendor Homepage: http://medhabi.com/ https://wordpress.org/plugins/mdc-private-message/ Version: 1.0.0 ===================== Vulnerability Details ===================== The 'message' field doesn...

PHPfileNavigator 2.3.3 - Cross-Site Scripting

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendor: ================================ pfn.sourceforge.net Product: =================================== PHPfileNavigator v2.3.3 pfn Is...

Shopify - Persistent Embed POST Inject Vulnerability

Document Title: =============== Shopify - Persistent Embed POST Inject Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1556 Video View: https://www.youtube.com/watch?v=5qiJ4UjJtQ Release Date: ============= 2015-08-13 Vulnerability Laboratory ID VL-ID:...

PHPfileNavigator 2.3.3 XSS / CSRF Vulnerabilities

PHPfileNavigator version 2.3.3 suffers from persistent and reflective cross site scripting and cross site request forgery vulnerabilities. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendo...

Apple Consultants - Client Side Cross Site Vulnerability

Document Title: =============== Apple Consultants - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1533 Apple ID: 624519287 Release Date: ============= 2015-08-12 Vulnerability Laboratory ID VL-ID:...

PHPfileNavigator 2.3.3 Cross Site Scripting

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendor: ================================ pfn.sourceforge.net Product: =================================== PHPfileNavigator v2.3.3 pfn Is...

Shopify - Persistent Embed POST Inject Vulnerability

Document Title: =============== Shopify - Persistent Embed POST Inject Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1556 Video View: https://www.youtube.com/watch?v=5qiJ4UjJtQ Release Date: ============= 2015-08-12 Vulnerability Laboratory ID VL-ID:...

My Contacts Backup Pro 2.0.1 Command Injection / XSS

Document Title: =============== My Contacts Backup Pro 2.0.1 IOS - Command Inject Vulnerability & Cross Site Scripting Credits & Authors: ================== TaurusOmar - @TaurusOmar [email protected] taurusomar.blogspot.com Release Date: ============= 2015-08-11 Product & Service Introductio...

Apple iTunes U - Persistent POST Inject Web Vulnerability

Document Title: =============== Apple iTunes U - Persistent POST Inject Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1532 Apple ID: 624515538 Release Date: ============= 2015-08-11 Vulnerability Laboratory ID VL-ID:...

Apple Consultants - Client Side Cross Site Vulnerability

Document Title: =============== Apple Consultants - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1533 Apple ID: 624519287 Release Date: ============= 2015-08-11 Vulnerability Laboratory ID VL-ID:...

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1467 Video: http://www.vulnerability-lab.com/getcontent.php?id=1468 Release Date: ============= 2015-08-11 Vulnerability...

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1468 View Video: https://www.youtube.com/watch?v=JeEWyV9VMpE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1467 Release...

HTTPie - a CLI, cURL-like tool for humans

HTTPie pronounced aych-tee-tee-pie is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output...

WordPress Job Manager Plugin 0.7.22 - Persistent XSS Vulnerability

Exploit for php platform in category web applications Job Manager Persistent XSS Details ======================================================================================== Product: Job Manager Plugin For Wordpress Vendor-URL: www.wp-jobmanager.com CVE-ID: CVE-2015-2321 Credits...

WordPress Filedownload 1.4 Open Proxy Vulnerability

WordPress Filedownload plugin version 1.4 suffers from an open proxy vulnerability. Title: Open Proxy in filedownload v1.4 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-07-11 Download Site: https://wordpress.org/plugins/filedownload/ Vendor: Peter Gross Vendor Notified:...

WordPress Job Manager Plugin 0.7.22 - Persistent XSS

Job Manager plugin is prone to a persistent XSS vulnerability, because email field was not sanitized. It allows an attacler to steal cookies or perform phishing attacks. Other attacks are also possible. Solution Update the plugin...

WordPress Plugin Job Manager 0.7.22 - Persistent Cross-Site Scripting

WordPress Plugin Job Manager 0.7.22 - Persistent Cross-Site Scripting Job Manager Persistent XSS Details ======================================================================================== Product: Job Manager Plugin For Wordpress Vendor-URL: www.wp-jobmanager.com CVE-ID: CVE-2015-2321 Credi...

Microweber 1.0.3 - Persistent Cross-Site Scripting Cross-Site Request Forgery (Add Admin)

Microweber 1.0.3 - Persistent Cross-Site Scripting Cross-Site Request Forgery Add Admin Microweber v1.0.3 Stored XSS And CSRF Add Admin Exploit form action="http://localhost/micro...