Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 pl1 - Persistent Web Vulnerability & Editor Reverse Encoding Issue References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Dat...

SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex

SEC Consult Vulnerability Lab Security Advisory 20140430-0 ======================================================================= title: SQL injection and persistent XSS product: Typo3 3rd party extension sibibtex vulnerable version: sibibtex 0.2.3 fixed version: - impact: critical homepage:...

AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability

Document Title: =============== AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1252 Release Date: ============= 2014-04-08 Vulnerability Laboratory ID VL-ID:...

HP Laser Jet - JavaScript Persistent XSS via PJL Directory Traversal

Exploit for hardware platform in category web applications !/usr/bin/perl use strict; use warnings; use IO::Socket::INET; my $host = $ARGV0; Exploit Title: HP Laser Jet Persistent Javascript Cross Site Scripting via PJL Google Dork: n/a Date: 4/22/14 Exploit Author: @0x00string Vendor Homepage:...

BVS Site 4.0.1 / 5.2.1 Cross Site Scripting

Persistent Cross Site Scripting on BVS Site + Date: 02/05/2014 + Risk: HIGH + Author: Felipe Andrian Peixoto + Vendor Homepage: http://trac.reddes.bvsalud.org/projects/bvs-site/wiki/Downloads + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable File: index.php + Dork...

Juniper Networks Junos OS J-Web Persistent Cross Site Scripting Vulnerability

Persistent XSS Vulnerability in J-Web SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if description...

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting

NETGEAR DGN2200 1.0.0.291.7.29HotS - Persistent Cross-Site Scripting Exploit Title: Stored XSS Vulnerability in NETGEAR DGN2200 Web interface Date 30/04/2014 Exploit author: Dolev Farhi @f1nhack Vendor homepage: http://netgear.com Affected Firmware version: 1.0.0.291.7.29HotS Affected Hardware:...

BarracudaDrive 6.7.1 Cross Site Scripting Vulnerability

BarracudaDrive version 6.7.1 suffers from multiple persistent and reflective cross site scripting vulnerabilities Title : BarracudaDrive Multiple XSS Vulnerabilities Author : Shakeel Bhat SecPod Technologies Pvt. Ltd. http://www.secpod.com Vendor : http://barracudadrive.com Advisory :...

BarracudaDrive 6.7.1 Cross Site Scripting

Title : BarracudaDrive Multiple XSS Vulnerabilities Author : Shakeel Bhat SecPod Technologies Pvt. Ltd. http://www.secpod.com Vendor : http://barracudadrive.com Advisory : http://secpod.org/blog/?p=2309 http://secpod.org/advisories/SecPodAdvistoryBarracudaDrive6.7.1MultXSSVuln.txt Software :...

Mail.ru: Persistent XSS in afisha.mail.ru

Adding a comment to article, this makes javascript execution possible. POST: http://afisha.mail.ru/ext/addcomment/ Post Content alias=article&id=42797&pid=&count=20&commentbody=%5Btesting%5D+%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&ok=%D0%94%D0%BE%D0%B1%D0%B0%D0%B2%D0%B8%D1%82%D1%8C also the...

HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal

HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal !/usr/bin/perl use strict; use warnings; use IO::Socket::INET; my $host = $ARGV0; Exploit Title: HP Laser Jet Persistent Javascript Cross Site Scripting via PJL Google Dork: n/a Date: 4/22/14 Exploit Author:...

Respondly: Persistent Cross-site scripting vulnerability settings.

Hello, I created an account with as group name ", after that I went to settings and found a Cross-site scripting vulnerability located at that page. The url for me : https://app.respond.ly/6sjp/settings/account I have a proof of concept in the attachment. best regards Olivier Beg...

IRCCloud: Dangerous Persistent xss

If a person is an op in a channel, it is possible to make all the users inside the irc channel execute javascript code. Steps to repoduce: 1.Go to a random channel where you are op. 2.Enter the following command: /ban alert2 3.The script will execute an alert box containing 2 in all the browsers ...

Woltlab Burning Board 3.9.1 - Persistent Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Encoding Issue References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1257 Video: https://www.youtube.com/watch?v=jNwS7gV7cQE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1256 Release Date...

Woltlab Burning Board 3.9.1 - Persistent Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Encoding Issue References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1257 Video: https://www.youtube.com/watch?v=jNwS7gV7cQE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1256 Release Date...

MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching

According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain,...

Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Date: ============= 2014-04-10...

AppFish Offline Coder 2.2 Persistent Script Insertion

Document Title: =============== AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1252 Release Date: ============= 2014-04-08 Vulnerability Laboratory ID VL-ID:...

Microsoft Office 365 Outlook - Persistent Vulnerability

Document Title: =============== Microsoft Office 365 Outlook - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=857 Microsoft Security Response Center MSRC ID: 14093 Microsoft Security Response Center MSRC MANAGER: JT Release Date...

Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Date: ============= 2014-04-10...