7646 matches found

securityvulns
added 2015/06/01 12:00 a.m. | 68 views

Eisbar SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability

Document Title: =============== Eisbar SCADA All Versions - iOS, Android & W8 - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1456 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID:...

0.4 AI score
Exploits: 0

exploitpack
added 2015/05/27 12:00 a.m. | 26 views

WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting

WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting Exploit Title: WordPress Free Counter Plugin Stored XSS Date: 2015/05/25 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://www.free-counter.org Software Link:...

4.3 CVSS | 6.1 AI score | 0.04541 EPSS
Exploits: 5

Exploit DB
added 2015/05/27 12:00 a.m. | 36 views

WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting

Exploit Title: WordPress Free Counter Plugin Stored XSS Date: 2015/05/25 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://www.free-counter.org Software Link: https://wordpress.org/plugins/free-counter/ Version: 1.1 Tested on: WordPress 4.2.2...

4.3 CVSS | 6.5 AI score | 0.04541 EPSS
Exploits: 5

Debian
added 2015/05/26 7:41 a.m. | 27 views

[BSA-107] Security Update for horizon

Thomas Goirand uploaded new packages for horizon which fixed the following security problem: CVE-2015-3988: Sunil Yadav from IBM Security Services reported a persistent XSS in Horizon. An authenticated user may conduct a persistent XSS attack by setting a malicious metadata to a Glance image, a...

3.5 CVSS | 5.9 AI score | 0.01799 EPSS
Exploits: 0

exploitpack
added 2015/05/26 12:00 a.m. | 12 views

WordPress Plugin church_admin 0.800 - Persistent Cross-Site Scripting

WordPress Plugin churchadmin 0.800 - Persistent Cross-Site Scripting Exploit Title: Wordpress churchadmin Stored XSS Date: 21-04-2015 Exploit Author: woodspeed Vendor Homepage: https://wordpress.org/plugins/church-admin/ Version: 0.800 OSVDB ID : http://www.osvdb.org/show/osvdb/121304 WPVULNDB ID...

6.7 AI score
Exploits: 0

0day.today
added 2015/05/26 12:00 a.m. | 25 views

MemHT Portal 4.0.2 Persistent XSS Exploit

Stored XSS in statistics page. Made with changed user referer. Usage Info All information in source code. / Stored XSS for MemHT Portal 4.0.2 Manual: - Register on target site - Grab login cookie loginuser=idloginHashpasswordHash - Compile C source and run it xNet library is needed - Enter targe...

6.2 AI score
Exploits: 0

WPVulnDB
added 2015/05/25 12:00 a.m. | 12 views

Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS

The Anti-Malware and Brute-Force Security by ELI has two issues which we will cover in this report. The first is that no nonce CSRF token is utilized on the settings screen. This could potentially result in resource utilization by performing a large number of scans simultaneously, should an...

2.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2015/05/25 12:00 a.m. | 17 views

NextScripts: Social Networks Auto-Poster < 3.4.18 - CSRF to Stored XSS

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to a Persistent XSS attack on the settings screen, due to a lack of sanitation of user input, and lack of Cross-Site Request Forgery token nonce. PoC If a page with the following FORM in is visited by an administrativ...

3.4 AI score
Exploits: 0 | References: 1 | Affected Software: 1

wpexploit
added 2015/05/25 12:00 a.m. | 14 views

Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS

The Anti-Malware and Brute-Force Security by ELI has two issues which we will cover in this report. The first is that no nonce CSRF token is utilized on the settings screen. This could potentially result in resource utilization by performing a large number of scans simultaneously, should an...

6.4 AI score
Exploits: 0 | References: 1

Openbugbounty
added 2015/05/21 7:25 p.m. | 15 views

search.wlbz2.com XSS vulnerability

Open Bug Bounty ID: OBB-63467 Description| Value ---|--- Affected Website:| search.wlbz2.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4 AI score
Exploits: 0

Vulnerability Lab
added 2015/05/19 12:00 a.m. | 40 views

Eisbär SCADA (All Versions) - Persistent UI Vulnerability

Document Title: =============== Eisbär SCADA All Versions - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1456 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID: ==================================== 14...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2015/05/19 12:00 a.m. | 27 views

HiDisk 2.4 iOS - (FolderPath) Persistent Vulnerability

Document Title: =============== HiDisk 2.4 iOS - FolderPath Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1496 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID: ==================================== 1496...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2015/05/19 12:00 a.m. | 34 views

Eisbär SCADA (All Versions) - Persistent UI Vulnerability

Document Title: =============== Eisbär SCADA All Versions - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1456 Release Date: ============= 2015-05-19 Vulnerability Laboratory ID VL-ID: ==================================== 14...

0.2 AI score
Exploits: 0

Packet Storm
added 2015/05/18 12:00 a.m. | 40 views

iClassSchedule 1.6 Script Insertion

Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID:...

7.4 AI score
Exploits: 0

Vulnerability Lab
added 2015/05/18 12:00 a.m. | 19 views

HiDisk 2.4 iOS - (FolderPath) Persistent Vulnerability

Document Title: =============== HiDisk 2.4 iOS - FolderPath Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1496 Release Date: ============= 2015-05-18 Vulnerability Laboratory ID VL-ID: ==================================== 1496...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/05/15 12:00 a.m. | 34 views

Hikvision DS-2CD2012-I XML Injection / Abuse Issues

Hello list! There are vulnerabilities in Hikvision DS-2CD2012-I. These are XML Injection, Abuse of Functionality and Brute Force vulnerabilities. All these vulnerabilities are present in other IP cameras and DVR of Hikvision. ------------------------- Affected vendors: -------------------------...

7.4 AI score
Exploits: 0

Patchstack
added 2015/05/13 12:00 a.m. | 10 views

WordPress Booking Calendar Contact Form Plugin 1.0.2 - Multiple vulnerabilities

Booking Calendar Contact Form plugin is prone to multiple vulnerabilities: 1. Authenticated SQL injection in "get" parameter allows an attacker to escalate editor privileges. 2. Filter bypass & Authenticated SQL injection in "id" parameter via...

1.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Vulnerability Lab
added 2015/05/13 12:00 a.m. | 27 views

iClassSchedule 1.6 iOS & Android - Persistent Vulnerability

Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID: ===================================...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2015/05/12 12:00 a.m. | 29 views

iClassSchedule 1.6 iOS & Android - Persistent Vulnerability

Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-12 Vulnerability Laboratory ID VL-ID: ===================================...

7.4 AI score
Exploits: 0

exploitpack
added 2015/05/11 12:00 a.m. | 15 views

D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting

D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting !/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod Developed by Mauricio Corrêa XLabs Information Security WebSite:...

Exploits: 0