D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting

!/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod URL Filter Developed by Mauricio Corrêa XLabs Information Security WebSite: www.xlabs.com.br CAUTION! This exploit disables some features of the modem, forcing the...

SynTail 1.5 Build 566 CSRF / Cross Site Scripting

Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 CSRF/Stored XSS Date: 07-05-2015 Exploit Author: Marlow Tannhauser Contact: [email protected] Vendor Homepage: http://www.synametrics.com Software Link: http://web.synametrics.com/SynTailDownload.htm Version: 1.5 Build 566...

Oracle Business Intelligence Mobile HD 11.x Script Insertion

Document Title: =============== Oracle Business Intelligence Mobile HD v11.x iOS - Persistent UI Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1361 Oracle Security ID: S0540289 Tracking ID: S0540289 Reporter ID: 1 2015Q1 Release Date:...

Yahoo eMarketing Cross Site Scripting

Document Title: =============== Yahoo eMarketing Bug Bounty 31 - Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1491 Yahoo Security ID H1: 55395 Release Date: ============= 2015-05-07 Vulnerability Laboratory ID VL-ID:...

Yahoo eMarketing Bug Bounty #31 - Cross Site Vulnerability

Document Title: =============== Yahoo eMarketing Bug Bounty 31 - Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1491 Yahoo Security ID H1: 55395 Release Date: ============= 2015-05-07 Vulnerability Laboratory ID VL-ID:...

WordPress Ultimate Product Catalogue 3.1.2 XSS / CSRF / File Upload Vulnerabilities

WordPress Ultimate Product Catalogue plugin version 3.1.2 suffers from cross site request forgery, cross site scripting, and file upload vulnerabilities. Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 Google Dork: inurl:"SingleProduct" intext:"Back...

PHP Fusion 7.02.07 XSS / Clickjacking

Hi Team, Affected Vendor: https://www.php-fusion.co.uk/home.php Date: 04/05/2015 Creditee: http://osvdb.org/creditees/13518-vadodil-joel-varghese Type of vulnerability: Persistent XSS + Clickjacking Tested on: Windows 8.1 Product: PHP Fusion Version: 7.02.07 1 Cross Site Scripting...

WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities

Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/" Date: 22/04/2015 Exploit Author: Felipe Molina de...

SevDesk 1.1 Persistent Script Insertion

Document Title: =============== SevDesk v1.1 iOS - Persistent Dashboard Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1311 Release Date: ============= 2015-04-23 Vulnerability Laboratory ID VL-ID: ==================================== 1311...

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

Untangle Cross Site Scripting / Information Disclosure

This is a follow up to an earlier post, highlighting an XSS and information disclosure vulnerability in versions of Untangle 9-11 The previous post is shown in full below this post. Additional un-patched vectors have been discovered that allow for these issues to be exploited with increased...

OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting

OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting Exploit Title: Stored Cross-Site Scripting XSS in OTRS Date: 28.01.2014 Exploit Author: Adam Ziaja http://adamziaja.com Vendor Homepage: https://www.otrs.com Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 CVE :...

WordPress 4.2 - Persistent Cross-Site Scripting

WordPress 4.2 - Persistent Cross-Site Scripting Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If...

WordPress Core 4.2 - Persistent Cross-Site Scripting

Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default...

OTRS &lt; 3.1.x / &lt; 3.2.x / &lt; 3.3.x - Persistent Cross-Site Scripting

Exploit Title: Stored Cross-Site Scripting XSS in OTRS Date: 28.01.2014 Exploit Author: Adam Ziaja http://adamziaja.com Vendor Homepage: https://www.otrs.com Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 CVE : CVE-2014-1695 !/usr/bin/perl -w use strict; use MIME::Lite;...

Xoops CMS 2.5.7.1 Cross Site Scripting

Hi Team, Affected Vendor: http://www.xoops.org/ Date: 24/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Xoops CMS Version: 2.5.7.1 Tested Link:...

Pligg CMS 2.0.2 Cross Site Scripting

Hi Team, Affected Vendor: http://pligg.com/ Date: 23/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Pligg CMS Version: 2.0.2 Tested Link: http://localhost/pligg/admin/adminpage.php Description: Pligg CMS is a content management...

Socrata Online Service Script Insertion

Document Title: =============== Socrata Bug Bounty 1 - Persistent Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1438 Release Date: ============= 2015-04-22 Vulnerability Laboratory ID VL-ID: ====================================...

SevDesk v1.1 iOS - Persistent Dashboard Vulnerability

Document Title: =============== SevDesk v1.1 iOS - Persistent Dashboard Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1311 Release Date: ============= 2015-04-23 Vulnerability Laboratory ID VL-ID: ==================================== 1311...