WordPress Calls to Action <= 2.2.7 - Stored XSS
The AJAX action ‘inboundformsave’ allows unauthenticated users to update the content of any specific form on the site. In order to exploit this, a form ID must be enumerated using another unauthenticated AJAX action, ‘inboundgetformdata’. Once a form ID has been enumerated, the content of the for...
Apple Patches Thunderstrike Bug in OSX, Fixes More Than 30 Flaws in iOS
Apple has released major security updates for both OS X and iOS that include patches for a number of bugs that could lead to arbitrary code execution. The release of iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass the sandbox restrictions in Safari and the OS X update fixes a...
Barracuda Networks Cloud Series - Filter Bypass
Document Title: =============== Barracuda Networks Cloud Series - Filter Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=754 Barracuda Networks Security ID BNSEC: 731 Release Date: ============= 2015-01-19 Vulnerability Laboratory ID...
Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability
Document Title: =============== Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1356 Release Date: ============= 2015-01-14 Vulnerability Laboratory ID VL-ID: ==================================== 13...
SPSControl 1.2 Persistent Script Insertion
Document Title: =============== SPSControl v1.2 iOS - .spc Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1404 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ==================================== 1404...
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability
Document Title: =============== Sitefinity Enterprise v7.2.53 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1369 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID VL-ID: ====================================...
SPSControl v1.2 iOS - (.spc) Persistent Vulnerability
Document Title: =============== SPSControl v1.2 iOS - .spc Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1404 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ==================================== 1404...
Sitefinity Enterprise 7.2.53 Script Insertion
Document Title: =============== Sitefinity Enterprise v7.2.53 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1369 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID VL-ID: ====================================...
Marketo Cloud - Persistent Mail Encoding Vulnerability
Document Title: =============== Marketo Cloud - Persistent Mail Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1321 Release Date: ============= 2015-01-13 Vulnerability Laboratory ID VL-ID: ==================================== 132...
Heroku API Deep Dive Script Insertion
Document Title: =============== Heroku API Deep Dive Bug Bounty 3 - Persistent UI Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1398 BugCrowd ID: 6b37910a3c5685b944a3ad65068aa251af47450953a06b8b13d74b35d708f6b0 Acknowledgement Hall of Fame:...
Heroku API DD Bug Bounty #3 - Persistent Vulnerability
Document Title: =============== Heroku API DD Bug Bounty 3 - Persistent Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1398 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ==================================== 1398...
CMS BEdita 3.4.0 Cross Site Scripting
Advisory: Multiple persistent XSS vulnerabilities in CMS BEdita v. 3.4.0 Advisory ID: SROEADV-2014-10 Author: Steffen Rösemann Affected Software: CMS BEdita v. 3.4.0 Release-Date: 9th-May-2014 Vendor URL: http://www.bedita.com Vendor Status: working on a patch CVE-ID: - ==========================...
Heroku API Bug Bounty - Persistent Invitation Vulnerability
Document Title: =============== Heroku API Bug Bounty - Persistent Invitation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1300 Video: http://www.vulnerability-lab.com/getcontent.php?id=1335 BugCrowd ID:...
Thunderstrike Apple Mac OS X Firmware Bootkit Unveiled
A vulnerability at the heart of Apple’s Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse...
Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability
Document Title: =============== Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1369 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID VL-ID: ===================================...